Some days ago someone send me the following link, which describes two vulnerabilities in Foxit Reader: http://thehackernews.com/2017/08/tw...

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws

It’s well known that some websites are vulnerable to IP address spoofing because they trust a user-supplied HTTP header like X-Forwarded-For...

Does it matter?

OSINT Swiss Army Knife. Contribute to Nhoya/gOSINT development by creating an account on GitHub.

vpn_access_point - Script from VPN AP blog post

If you’ve spent any time administering a Windows system post Vista you’ll have encountered the TrustedInstaller (TI) group which most syst...

While I was browsing the Reverse Engineering sub on Reddit a few months ago, I came across a puzzle that the poster said came from a Danish newspaper …

As cybercriminals start to focus on pulling off attacks without leaving a trace, fileless malware will become a more common attack method. However, many of these malware are fileless only while entering a user’s system, as they eventually reveal themselves…

Below is a partial and edited flowchart of the malvertising chain that I got during this infection: An edited image of the infection chain is shown below: You can see that the Ramnit sample seems t…

Contribute to Awesome-Security-Gists development by creating an account on GitHub.

On Wednesday August 16th representatives for LG South Korea have confirmed they were the victim of a cyber attack, which hit them on Monday morning. The

Blog about anti-virus software and its issues.

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

2 points and 0 comments so far on reddit

About four months ago (April 2017), Vasilis Tsaousoglou and myself presented our work on exploiting Android's libc allocator at the 2017 INFILTRATE conference (Miami, Florida). Since version 5.0, Android has adopted the jemalloc allocator as its default libc…

On internal engagements, poisoning name resolution requests on the local network (à la Responder) is one of the tried and true methods of obtaining that coveted set of initial Domain credentials.  While this approach has worked on many clients, what if Link…

By  Lucas Apa (@lucasapa) Traditional industrial robots are boring. Typically, they are autonomous or operate with limited guidance and e...