In a world increasingly reliant on secure digital communications, it’s surprising to learn that many countries, including those in critical sectors such as healthcare and industrial control systems (SCADA), still use outdated pager networks like POCSAG for…

After attending the OST2 – Exp4011 […]

CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive and Indicators of Compromise. This blog details a hardcoded credentials vulnerability which allows an unauthenticated attacker to read and modify all help desk tickets.

Summary A vulnerability in the Nortek Linear eMerge E3 allows remote unauthenticated attackers to cause the device to execute arbitrary commands. Credit An independent security researcher working with SSD Secure Disclosure Vendor Response The vendor has been…

The protocol that is used by the WatchGuard Single Sign-On (SSO) agent to communicate with the respective client services is neither encrypted, nor authenticated. The unprotected information that is communicated is used to decide which firewall rules should…

Original file ‎(SVG file, nominally 1,000 × 1,000 pixels, file size: 9 KB)

Summary A vulnerability in the Nortek Linear eMerge E3 allows remote unauthenticated attackers to cause the device to execute arbitrary commands. Credit An independent security researcher working with SSD Secure Disclosure Vendor Response The vendor has been…

Uncover hidden subdomains: Boost your cybersecurity, validate digital assets, and supercharge your pen testing. Find every subdomain linked to any website.

In this blog, we’ll dive into how Heartbleed works, the vulnerable code and how to exploit it.

Introduction Hello Folks, Today I am providing an all-encompassing OSCP preparation guide containing the advice and resources I wish I had when I started this path towards the OSCP. If you have any questions relating to OSCP preparation or anything else,…

Recent investigation by Bitsight TRACE has discovered multiple critical 0-day vulnerabilities across six ATG systems from five different vendors.

On June 11th, 2024, we discovered a set of vulnerabilities in Kia vehicles that allowed remote control over key functions using only a license plate. These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless…

Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s

We detail several practical client-side attacks that can result from DNS poisoning observed for domains hosted in China. These attacks impact every domain on the Internet that uses a nameserver located in China, and it's estimated that more than 30 million…

Did you know that Slack provides some surprising information about a workspace to unauthenticated callers? Slack Watchman knows, and in this post I’m going to show you the information you can enume…

After years of continuous evolution, React has built an extremely rich and powerful ecosystem. This article will list the most powerful technology stack combinations for React development in 2024…

In this blog post, we will explore how we can exploit CNEXT, but blind, covering the cases where we have a file read primitive, but cannot get the output.

During a penetration test, we found a Java application vulnerable to insecure reflection. How could we automate the process to find good classes?

Records an executable's network activity into a Full Packet Capture file (.pcap) and much more. - H4NM/WhoYouCalling

Vesta admin takeover. Exploiting reduced seed entropy in bash $RANDOM to guess the admin's password reset token

Find out whether you’re underestimating Cross-Origin Resource Sharing (CORS) vulnerabilities in our latest research.