FBI Director Chris Wray says the FBI has disrupted a group of hackers working at the direction of the Chinese government who targeted universities, government agencies and other organizations.

TL;DR I discovered a one-click account takeover vulnerability in a popular Indonesian Android app called Tokopedia . Th...

👻Stowaway -- Multi-hop Proxy Tool for pentesters. Contribute to ph4ntonn/Stowaway development by creating an account on GitHub.

MSSprinkler is a password spraying utility for organizations to test their Microsoft Online accounts from an external perspective. It employs a 'low-and-slow' approach to avoid lock...

Seezo provides context-specific security requirements to developers before they start coding

Intro Several months ago, I wrote a post about developing a secure chat in Rust using RSA and AES-CBC. Writing that post taught me a lot (like in this post, all of the crypto algorithms were implemented from scratch), but there were 2 major problems with…

Introduction to Security Class (BSY), FEL, Czech Technical University

I’ve recently been working on some exciting development projects, including a deep dive into archive extraction. During this work, I discovered some fascinating behaviours that I’m thrilled to share with you in the following sections.

In this post, we demonstrate two techniques allowing a low privileged user to escalate their privileges to root in case they can run iptables and/or iptables-save as

A writeup of my $4133.70 Google Drive vulnerability chain.

a post going over 4 exploits for CVE-2024-20017, a remotely exploitable buffer overflow in a component of the MediaTek MT7622 SDK.

Create tar/zip archives that try to exploit zipslip vulnerability. - nodyhub/zipslipper

Introduction Every company establishes processes to identify security vulnerabilities, prioritize them, develop solutions, and, in some cases, strategically accept risk either temporarily or permanently. Security exceptions are closely tied to vulnerability…

Are you tired of compromising your privacy and security when sharing files online? What if there was a way to transfer data that was not only secure and efficient but also put you in complete control? Imagine a file sharing solution that combines cutting…

Let me scan it, what could possibly go wrong?

In a world increasingly reliant on secure digital communications, it’s surprising to learn that many countries, including those in critical sectors such as healthcare and industrial control systems (SCADA), still use outdated pager networks like POCSAG for…

After attending the OST2 – Exp4011 […]

CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive and Indicators of Compromise. This blog details a hardcoded credentials vulnerability which allows an unauthenticated attacker to read and modify all help desk tickets.