Over the past two weeks, Ryuk, a targeted and well-planned Ransomware, has attacked various organizations worldwide. So far the campaign has targeted several enterprises, while encrypting hundreds of PC, storage and data centers in each infected company.…

The summer of 2017 culminated the substantial research and development effort of a generic solution to CSRF that could be easily applied…

The patch was issued in APSB18–12:

The patch has been released, please upgrade your MAU to 18081201

Semmle security researcher Man Yue Mo explains how he used Semmle QL's Data Flow library to discover multiple RCE vulnerabilities (CVE-2018-11776) in Apache Struts.

A vulnerability affects all versions of the OpenSSH client released in the past two decades, ever since the application was released in 1999.

An open-source post-exploitation framework for students, researchers and developers. - GitHub - malwaredllc/byob: An open-source post-exploitation framework for students, researchers and developers.

If you're planning on implementing the W3C and FIDO Alliance's new WebAuthn standard for hardware security token support, skip ECDAA for now.

Scrounger is a modular tool designed to perform the routine tasks required during a mobile application security assessment.  Scrounger conveniently brings together both major mobile operating syste…

Sup guys, Today I would like to share with you an interesting bug that I found in facebook group through their BugBounty program, so let’s…

Burp Suite 2.0 beta is now available to Professional users. This is a major upgrade, with a host of new features, including: A new crawler, able to automatically handle sessions, detect changes in app

1 vote and 0 comments so far on Reddit

Hundreds (at least) of kernel bugs are fixed every month. Given the
kernel's privileged position within the system, a relatively large portion
of those bugs have security implications. Many bugs are relatively easily
noticed once they are triggered; that…

POC for CVE-2018-15685

Learn about the Struts2 Remote Code Execution vulnerability CVE-2018-11776, how to exploit and how to create a Proof of Concept (POC) with docker.

0 votes and 1 comment so far on Reddit

imaginaryC2 - Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively cho...

Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents.

We chose Airmail 3 as a target for reverse engineering to gain a better understanding of how MacOS applications work on a low-level.

Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX

struts-pwn_CVE-2018-11776 - An exploit for Apache Struts CVE-2018-11776