Black Hat USA is a great outlet for sharing lessons learned after the CrowdStrike incident.

Greetings everyone, In this write-up, we will be exploring the interesting exploitation that has been done against the pfsense CVE-2022-31814. What is pfsense? pfSense software is a FreeBSD-based operating system designed to install and configure a firewall…

Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856) - securelayer7/CVE-2024-38856_Scanner

The recursive internet scanner gets an upgrade

We discovered critical vulnerabilities in six AWS services that range between RCE, full account takeover, manipulation and more.

[ 繁體中文版本 | English Version ] Hey there! This is my research on Apache HTTP Server presented at Black Hat USA 2024. Additionally, this research will also be presented at HITCON and OrangeCon. If you

This innovative tool ensures precision and convenience without the need for soldering, circuit inspe

Stay updated with the latest in Cyber Security, InfoSec, Cryptography, Online Privacy, Hacking, Vulnerability and Threat Research. Discover top news, podcasts, and expert insights, all aggregated in one place

Introduction I have participated in, and built bug bounty programs at companies such as PayPal and Box and supported similar programs at several other companies. Below is part of a whiteboard session from 2012, conducted before launching PayPal's bug bounty…

In this blog post series, we embark on a Journey of Secure Code Mastery! I'm delighted to unveil the first chapter of our in-depth blog series on Security Code Reviews.

Protecting Mission Critical Assets

Companies in the energy industry today are confronted with unprecedented cyber security challenges. They need to safeguard their mission-critical information assets against criminal hackers and internal employees who…

New research uncovers a potential attack vector on GitHub repositories, with leaked tokens leading to potential compromise of services.

Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources.

We investigate three recent AWS security incidents and discuss how canaries could help you detect these early, and throughout the attack lifecycle.

Parses Snaffler output file and generate beautified outputs. - zh54321/SnafflerParser

We found a stored Cross-Site Scripting (XSS) vulnerability in Substack.

I’m excited to announce the release of Lil Pwny 3.2.0, featuring powerful new enhancements to the Active Directory password auditing tool. This update brings significant improvements and new …