Burp Suite 2.0 beta is now available to Professional users. This is a major upgrade, with a host of new features, including: A new crawler, able to automatically handle sessions, detect changes in app

1 vote and 0 comments so far on Reddit

Hundreds (at least) of kernel bugs are fixed every month. Given the
kernel's privileged position within the system, a relatively large portion
of those bugs have security implications. Many bugs are relatively easily
noticed once they are triggered; that…

POC for CVE-2018-15685

Learn about the Struts2 Remote Code Execution vulnerability CVE-2018-11776, how to exploit and how to create a Proof of Concept (POC) with docker.

0 votes and 1 comment so far on Reddit

imaginaryC2 - Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively cho...

Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents.

We chose Airmail 3 as a target for reverse engineering to gain a better understanding of how MacOS applications work on a low-level.

Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX

struts-pwn_CVE-2018-11776 - An exploit for Apache Struts CVE-2018-11776

Even though nothing is foolproof, password managers are still by far the most reliable method of safe keeping your passwords but, that is only when you use them properly. We are going to tell you w…

struts-pwn_CVE-2018-11776 - An exploit for Apache Struts CVE-2018-11776

An analysis of the MBR bootkit referred to as “HDRoot”

This post is an installment in my series of posts on security in Chakra, Microsoft’s JavaScript engine. In this installment, I present a particularly elegant type confusion bug in Chakra. This vulnerability was discovered by multiple researchers, including…

In this part we show how to automatically resolve all WinAPI calls in malicious code dump of LockPoS Point-of-Sale malware. Instead of manually reconstructing a corrupted Import Address Table we simply extract a target portion of code in the research database…

Utilities for MITRE™ ATT&CK. Contribute to nshalabi/ATTACK-Tools development by creating an account on GitHub.

tl;dr: With the tool nmap-parse-output you can convert, manipulate or extract data from a Nmap/masscan scan output. This allows you to get the information you're looking for by just entering a straightforward command.
Preamble
A while ago, we had to scan…

St2-057 Poc Example. Contribute to jas502n/St2-057 development by creating an account on GitHub.

Currently playing: NetSec I - 04. WiFi basics and security