Discover the critical OpenSSH RCE vulnerabilities (CVE-2024-6387, CVE-2024-6409) and learn detection and mitigation steps to protect your servers from potential exploits.

Claroty Team82 demonstrates how it exploited vulnerabilities in TP-Link ER605 routers on the WAN in order to pivot onto the local network (LAN) and exploit an IoT device, in this case, a Synology BC500 security camera.

Discover how to choose the best framework for cross-platform mobile app development. Explore top frameworks and find the right one for your project.

elttam is an independent security company providing research-driven security assessment services. We combine pragmatism and deep technical insight to help our customers secure their most important assets.

Through the course of 3/4 weeks, we were able to find a chain of vulnerabilities that allows full database access and full access to any MID servers configured. This resulted in 3 separate CVE's.

The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker…

BloodHound is an attack path management solution which can discover hidden relationships in Active Directory by performing data analysis to identify paths in the domain that will lead to lateral mo…

Unlike process injection, hollow process injection suspends a legitimate process, overwrites its existing code section with malicious code,

Protect organizations in your constituency from e-mail spoofing with our tool – mailgoose. In Poland it has already been used by over 25,000 users!

A notable trend in cyber threats nowadays is the exploitation of vulnerabilities in drivers through the Bring Your Own Vulnerable Driver (BYOVD) technique. BYOVD poses a significant risk as it allows attackers to bypass security measures and gain unrestricted…

Kernel exploit for Xbox SystemOS using CVE-2024-30088 - exploits-forsale/collateral-damage

Not a Meetup member yet? Log in and find groups that host online or in person events and meet people in your local community who share your interests.

Team82 demonstrates an attack exploiting a remote code execution vulnerability in Synology BC 500 IP cameras. This attack is part of a broader research project that involved exploiting a TP-Link ER605 router, and pivoting from there to the local network to…

This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.

During a recent customer engagement, the CyberArk Red Team discovered and exploited an Elevation of Privilege (EoP) vulnerability (CVE-2024-39708) in Delinea Privilege Manager (formerly Thycotic...

Golang applications that use HTTPS requests have a built-in SSL verification feature enabled by default. In our work, we often encounter an application that uses Golang HTTPS requests, and we have...

'This is only the tip of the iceberg of what we're working on.'