Denoscription of how the vulnerability was found and a few indications about its explotability

From leaked kernel-mode process handle to SYSTEM XIGNCODE3 is a popular anti-cheat solution provided on a B2B2C basis, predominantly found in online games. This class of software is known for its invasive nature, effectively acting as user-mode rootkits on…

Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

8 votes and 0 comments so far on Reddit

      TLDR: You can bypass the OTP login (only available method to login) for Pizza Hut’s Indian website and iPhone app. I have tried contacting Pizza Hut on Twitter and Phone,…

25 votes and 1 comment so far on Reddit

With ever-tightening budgets it can be difficult to convince your managers to invest in security tools.

ModSecurity-envoy - ModSecurity V3 Envoy Filter

ISE Labs Earns 24 CVEs for New Vulnerabilities in TOS, TerraMaster’s NAS OS

Burp is getting a brand new REST API, which can be used by other tools to integrate with Burp Suite: In the initial release, the REST API supports launching vulnerability scans and obtaining the resul

Security in Android P is significantly different than in previous versions, as Google has added many new defensive measures.

Reversing a Japanese Wireless SD Card From Zero to Code Execution Guillaume VALADON - @guedou Before the talk Chromebook console zoom: 175%/200% ./setup.sh zoom the presenter notes

Intro An OpenSSH user enumeration vulnerability (CVE-2018-15473) became public via a GitHub commit. This vulnerability does not produce a list of valid usernames, but it does allow guessing of user…

Domain name abandonment is a major cyber threat to your businesses. This report shows how cybercriminals can hijack your emails and online services.

4 votes and 0 comments so far on Reddit

Enumerating registered BlackHat attendees with the BCard API

Howdy Folks, The last few months have been some VERY exciting times in the world of identity and security standards. Due to the efforts of a broad set of experts across the industry, we’ve made incredible progress in finalizing a broad set of new and improved…

In this write-up, Ryan Hanson describes his process for identifying and exploiting CVE-2018-0952, an arbitrary file creation vulnerability in the Windows Diagnostics Hub Standard Collector service, allowing for elevation of privileges.

Inception - Provides In-memory compilation and reflective loading of C# apps for AV evasion.