Despite the fact that SQL injection is relatively old and solved problem, it is still commonly found in web applications.

A lot of network security solutions today supports a lot data format inside HTTP and other protocols. The main question here is…

Recently I read the article on the Coalfire Blog about executing an obfuscated PowerShell payload using Invoke-CradleCrafter.  This was very useful, as Windows Defender has upped its game lately and is now blocking Metasploit's Web Delivery module.  I wanted…

Often times while performing penetration tests it may be helpful to connect to a system via the Remote Desktop Protocol (RDP). I typically use rdesktop or xfreerdp to connect to host once I have obtained credentials to do all sorts of things such as use Active…

This post is about Server Side Template Injection (SSTI) and a brief walkthrough of how it can be leverage to get a shell on the server…

Posted by Jann Horn, Google Project Zero This blogpost describes a way to exploit a Linux kernel bug (CVE-2018-17182) that exists since...

A framework for stealthy domain reconnaissance. Contribute to Tylous/Vibe development by creating an account on GitHub.

A little tool to play with Windows security. Contribute to gentilkiwi/mimikatz development by creating an account on GitHub.

When is the last time you created your SSH key? If you’re still using RSA with key-size less than 2048 bits long, It’s time for an upgrade!

Hi Guys,

3 votes and 0 comments so far on Reddit

The attack added to the company’s woes as it contends with fallout from its role in a Russian disinformation campaign.

The Internet Crime Complaint Center (IC3), in collaboration with DHS and the Federal Bureau of Investigation, has released an alert on cyber threat actors maliciously using legitimate remote administration tools, such as Remote Desktop Protocol (RDP). Threat…