Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX

struts-pwn_CVE-2018-11776 - An exploit for Apache Struts CVE-2018-11776

Even though nothing is foolproof, password managers are still by far the most reliable method of safe keeping your passwords but, that is only when you use them properly. We are going to tell you w…

struts-pwn_CVE-2018-11776 - An exploit for Apache Struts CVE-2018-11776

An analysis of the MBR bootkit referred to as “HDRoot”

This post is an installment in my series of posts on security in Chakra, Microsoft’s JavaScript engine. In this installment, I present a particularly elegant type confusion bug in Chakra. This vulnerability was discovered by multiple researchers, including…

In this part we show how to automatically resolve all WinAPI calls in malicious code dump of LockPoS Point-of-Sale malware. Instead of manually reconstructing a corrupted Import Address Table we simply extract a target portion of code in the research database…

Utilities for MITRE™ ATT&CK. Contribute to nshalabi/ATTACK-Tools development by creating an account on GitHub.

tl;dr: With the tool nmap-parse-output you can convert, manipulate or extract data from a Nmap/masscan scan output. This allows you to get the information you're looking for by just entering a straightforward command.
Preamble
A while ago, we had to scan…

St2-057 Poc Example. Contribute to jas502n/St2-057 development by creating an account on GitHub.

Currently playing: NetSec I - 04. WiFi basics and security

This is the second part of the "Reverse Engineering iOS Apps - iOS 11 Edition" series. In the first part of the series we learned how to setup your phone on iOS 11 and how to decrypt an iOS app. In this second and final part we'll learn how to:

Learn about the Struts2 Remote Code Execution vulnerability CVE-2018-11776, how to exploit and how to create a Proof of Concept (POC) with docker.

Raxis COO, Bonnie Smyre, wrote a guest blog post on "What Nonprofits Need to Know about Assessing Security Risk" for the NTEN Nonprofit Technology Network.

Search and download free and open-source threat intelligence feeds with threatfeeds.io.

0 votes and 0 comments so far on Reddit

This blog post documents how to use Microsoft.Workflow.Compiler.exe and the Veil Framework's output to receive a Cobalt Strike beacon.

This post will detail the steps I took to find a path traversal vulnerability, and how I paired the vulnerability with the logic of the application to achieve Remote Code Execution through a shell …

Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.