Learn about regreSSHion, the high severity RCE vulnerability (CVE-2024-6387) in OpenSSH, its impact, and protection measures

BlueToolkit is designed to uncover both new and old vulnerabilities in Bluetooth-enabled devices. This makes it a capable tool for vulnerability research, penetration testing, and Bluetooth hacking

Web Race Conditions – Success and Failure – a Keycloak Case Study In today’s connected world, many organizations’ “keys to the kingdom” are held in identity and access management (IAM) solutions;...

We discovered 4 critical code vulnerabilities in Gogs, a source code hosting solution, which are still unpatched. Read about the details and how to protect yourself.

To provide users with a safer browsing experience, the IETF proposal named “Incrementally Better Cookies” set in motion a few important changes to address Cross-Site Request Forgery (CSRF) and other client-side issues. Soon after, Chrome and other major browsers…

Multiple vulnerabilities affecting the CocoaPods ecosystem, have been discovered, posing a major risk of supply chain attacks.

Execute ELF files without dropping them on disk. Contribute to nnsee/fileless-elf-exec development by creating an account on GitHub.

This is a recap of a complete NetHunter Hacker series where I covered various aspects of Kali NetHunter providing detailed insights, tutorials, and practical examples to help you harness its capabilities to its fullest potential. Quick video introduction…

UDRLs and prepended loaders aren’t the only way to execute a raw payload and get a direct hooking in place. In the case of Cobalt Strike, a generic PE loader can be tweaked to execute an UDRL-less Beacon and get direct hooking for an easier prototyping of…

A more fitting noscript for this post could have been “$10 for an XSS” ;), but to summarize, I discovered a Cross-Site Scripting (XSS) vulnerability on the US website of the well-known ele…

Okay, if you’re reading this, you probably know what fuzzing is. As an incredibly reductive summary: fuzzing is an automated, random testing process which tries to explore the state space (e.g., different interpretations of the input or behaviour) of a program…

This blog aims to explore the “Cloud Secrets Management Stores” sub-technique (T1555.006) of the MITRE ATT&CK Cloud Matrix for Enterprise. This sub-technique is part of the broader Credentials from Password Stores technique (T1555), which focuses on how adversaries…

Intro Hi everyone! Oftentimes, when programming things that are supposed to be secure, we hear stuff about only using Cryptographically Secure PRNGs (CSPRNGs), and not just any old random-number generating function such as Python’s random module or PHP’s…

When running the diversity of applications required today to power our many tools and platforms, the need for more granular application-level visibility, has become critical for many engineering teams.

By chaining various messaging APIs in browsers and browser extensions, I demonstrate how we can jump from web pages to “universal code execution”, breaking both Same Origin Policy and the browser sandbox. I provide two new vulnerability disclosures affecting…

Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser. - sleeyax/burp-awesome-tls