I unveil a new post exploit attack vector that allows devastating ransomware attacks on compromised AWS account along with preventive…

Java Android Magisk Burp Objection Root Emulator Easy (JAMBOREE) - freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy

CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT). - doyensec/CSPTPlayground

1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies - zendesk.md

Khám phá top 10+ nhà cái uy tín được kiểm định và xác thực 100% từ các chuyên gia cá cược, đảm bảo trải nghiệm cá cược tốt nhất cho người chơi

Learn how to proactively identify cybersecurity threats through log analysis. This guide covers essential threat-hunting techniques, from detecting suspicious logins to flagging anomalies, ensuring your organization's defenses stay ahead of attackers.

Today we'd like to share a recent journey into (yet another) SSLVPN appliance vulnerability - a Format String vulnerability, unusually, in Fortinet's FortiGate devices.

It affected (before patching) all currently-maintained branches, and recently was highlighted…

The post describes DLL Sideloading, a technique that allows attackers to execute custom malicious code from within legitimate windows binaries/processes.

This is a step-by-step guide to the container hardening process on the GNU/Linux operating system. A containerized application (Podman with Pandoc) has been created for demonstration. The process begins with applying a customized Seccomp policy profile created…

We share a - now fixed - AWS vulnerability that would have enabled potentially undetectable data exfiltration from even the most locked down of AWS accounts by leveraging the audit trail itself to stealthily leak data.

In this article we went over how to use embeddings in AWS Bedrock, scraping AWS documentation, leveraging ripgrep for fast searches on local disk, and some interesting security research along the way.

In short, the conntrack module, which tracks connections for the stateful firewall, does not account for the interface on which a connection was established. As a result, a firewall rule allowing…

Learn about the critical code injection vulnerability (CVE-2024-22127) in SAP NetWeaver AS Java Log Viewer plug-in. Discover mitigation steps and best practices to secure your SAP environment.

This blog post details how I found CVE-2024-6778 and CVE-2024-5836, which are vulnerabilities within the Chromium web browser which allowed for a sandbox escape from a browser extension.

Share your videos with friends, family, and the world