What better way to showcase a new attack technique than with real-world examples? This blog post will do just that.

Setting up the environment + Hello […]

I’ve run into many interested hackers who want to learn how to use BloodHound, but struggle to get started. Here’s how to be effective!

The golden era of man-in-the-middle attacks

A few days ago I read a fantastic blog post by Forrest Kalser that piqued my curiosity. In the blog post, noscriptd ‘Deep Sea Phishing Pt.1’, Kalser ar

Understanding the Risks of Client-Side Authentication: Why relying on client-side security isn’t enough.

TL;DR:

Wristband makes it fast and easy for B2B startups and SMBs to build multi-tenant customer authentication and access controls into their app.

In-depth analysis of CVE-2024-21338, a Windows Kernel Elevation of Privileges vulnerability, its root cause, exploitation challenges and POC

Team82 has uncovered a security bypass vulnerability in a Rockwell Automation ControlLogix 1756 local chassis security feature called the trusted slot, which is designed to deny untrusted communication from untrusted network cards on the chassis plane.

Explaining the process and tooling behind our way of auditing Atlassian plugins, 53 0Days later.

Email enumerator, username generator, and context validator for hunter.io, snov.io, and skrapp.io - mlcsec/huntsman

Introduction
Hello, I’m RyotaK (@ryotkak
), a security engineer at Flatt Security Inc.
In 2023, James Kettle
of PortSwigger published an excellent paper
noscriptd Smashing the state machine: the true potential of web race conditions.
In the paper, he introduced…

tl;dr: Large language models (LLMs) are highly susceptible to manipulation, and, as such, they must be treated as potential attackers in the system. LLMs have become extremely popular and serve...

A supply chain attack via Polyfill, a common open-source library written in JavaScript, used in web development to provide modern functionality on older browsers like IE7 that did not support it...

Explore essential OPSEC practices for Red Teams and advanced detection strategies for Blue Teams, focusing on the Kerberos protocol

I'm inviting you to participate in a brief (approx. 10 minutes) online survey to explore how trust in a consortium influences information sharing behaviour.

Introducing 3TOFU -- a Harm-Reduction process to Supply Chain Security when downloading software that cannot be verified cryptographically