kalirouter - intercepting kali router

Adam Donenfeld, a researcher with mobile security firm Zimperium, has published today proof-of-concept code for zIVA — a kernel exploit that affects iOS 10.3.1 and previous versions.

3rd-Party Patching a Logical Bug By Mitja Kolsek, the 0patch team A bit of introduction: last week we could all witness a familiar "It'...

Tonight my brain decided, instead of sleeping (why even bother trying, right?), to start a new short adventure in the Bluetooth Low Energy world. I’m a happy Crafty vaporizer owner and as I discovered

Static Analysis/ Reverse Engineering for Thick Clients Penetration Testing 4 Hi Readers, let’s take a look into static analysis. The advantage which thick clients offer over web applications are the ability to inspect the code and perform code level fuzzing…

2 points and 0 comments so far on reddit

It's high time to learn how cunning cyber criminals can use Intel AMT powerful capabilities to achieve their malicious goals. See the captivating story of hacking Intel AMT with all its twists and turns and awe-inspiring details with your own eyes. The freshest…

SAP POS Xpress Server does not perform any authentication checks for critical functions that require user identity. As a result, administrative and other privileged functions can be accessed without any authentication.

The announcement earlier this month by the UK government of an overhaul of data protection laws sparked headlines heralding the new rights…

Learn about a new ransomware targeted at web servers called Ronggolawe, the code name for AwesomeWare.

Today, MalwareHunterTeam discovered a new variant of the CryptoMix ransomware that is appending the .EMPTY extension to encrypted file names. Considering that the previous variant used ERROR as the previous extension and now uses EMPTY, it is clear that the…

AppSec Consulting provides world-class web application security services, penetration testing, PCI compliance services, and web application security training.

When Simon blogged about the risks of JavaScript a few weeks back, he
mentioned that we've begun to see JIT vulnerabilities in submissions to the
ZDI program and as part of Pwn2Own. Today, I'll expand on his blog post by
covering a vulnerability in…

By @dronesec and @breenmachine   This a project my friend drone and I have been poking at for quite some time and are glad to finally be releasing. As the noscript implies, we&#…

Public talks by Royce Williams, with references and errata.

0 points and 0 comments so far on reddit

Demonstrating the OWASP Top 10 : Cross-Site Scripting #3 Bad JavaScript Imports and with example of the code. To learn about XSS