Securify provides reality checks to lower security risks and build up resilience against threats. Agile Security, Pentesting (scenario-based) and Red Teaming.

Universal Linux kernel heap spray

We’re proud to announce the release of Winchecksec, a new open-source tool that detects security features in Windows binaries. Developed to satisfy our analysis and research needs, Wincheckse…

A tool to evaluate Content Security Policies. Contribute to lc/cspparse development by creating an account on GitHub.

An open-source post-exploitation framework for students, researchers and developers. - GitHub - malwaredllc/byob: An open-source post-exploitation framework for students, researchers and developers.

A write up of several security vulnerabilities I discovered in Siaberry, including command-injection, clickjacking, and more.

Despite the fact that SQL injection is relatively old and solved problem, it is still commonly found in web applications.

A lot of network security solutions today supports a lot data format inside HTTP and other protocols. The main question here is…

Recently I read the article on the Coalfire Blog about executing an obfuscated PowerShell payload using Invoke-CradleCrafter.  This was very useful, as Windows Defender has upped its game lately and is now blocking Metasploit's Web Delivery module.  I wanted…

Often times while performing penetration tests it may be helpful to connect to a system via the Remote Desktop Protocol (RDP). I typically use rdesktop or xfreerdp to connect to host once I have obtained credentials to do all sorts of things such as use Active…

This post is about Server Side Template Injection (SSTI) and a brief walkthrough of how it can be leverage to get a shell on the server…

Posted by Jann Horn, Google Project Zero This blogpost describes a way to exploit a Linux kernel bug (CVE-2018-17182) that exists since...

A framework for stealthy domain reconnaissance. Contribute to Tylous/Vibe development by creating an account on GitHub.