Active Directory Assessment and Privilege Escalation Script - hausec/ADAPE-Script

Gwendal Le Coguic, web developer and security researcher

Have you ever encountered a website that runs `jQuery(location.hash)`? It turns out this allows you to perform a powerful timing attack that can extract almost any secret from the HTML.

Providing a web browser that you can depend on year after year is one of the core tenant of the Firefox security strategy. We put ...

A spam campaign we observed in September indicates attackers are angling towards a more sophisticated form of phishing. The campaign uses hijacked email accounts to deliver URSNIF as part of or as a response to an existing email thread.

All devices from Xiongmai, a Chinese OEM who manufactures white-label video surveillance equipment, come with an always-on cloud feature called XMEye P2P cloud.

Security updates available for Flash Player

Security updates available for Flash Player

A first-hand look from the .NET engineering teams

5 votes and 1 comment so far on Reddit

HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of a ...

JonLuca’s Blog - A blog about tech, programming, and information

24 votes and 2 comments so far on Reddit

Tool to make in memory man in the middle. Contribute to AMOSSYS/MemITM development by creating an account on GitHub.

You might not be aware of the Hackvertor extension I've been working on lately. It features tag based conversion that is far more powerful than the inbuilt decoder in Burp. The idea behind tag based c

3 votes and 0 comments so far on Reddit

A tale of discovering a critical vulnerability in Symantec Messaging Gateway during a pentest engagement

The Practice of Cloud System Administration was written by Thomas A. Limoncelli, Strata R. Chalup, Christina J. Hogan.