Cymulate’s research team has discovered a way to abuse the Online Video feature on Microsoft Word to execute malicious code. Attackers could use this for malicious purposes such as phishing, as the document will show the embedded online video with a link…

Bluetooth Low Energy (BLE) is a wireless standard, widely used to communicate Android and iOS mobile applications with devices of many kinds. These include home security, medical and other which may exchange sensitive data or perform sensitive operations.…

Earlier this year, I decided to take a sabbatical. I wanted to reflect on my infosec work and decide what I would like to focus on in the coming years. As you probably know, I’ve spent the last nine years mostly fighting the battle to secure the endpoint…

an asynchronous target enumeration tool. Contribute to welchbj/bscan development by creating an account on GitHub.

Content of Exploitation, What is an exploit?, Types of exploits, Local remote and 0day exploits, Exploit Databases, Example Exploit Scenarios

A mistake in the process used by the Signal Desktop application to encrypt locally stored messages leaves them wide open to an attacker.

By using the nginx auth_request module and Lasso you can protect any application running behind your nginx reverse proxy with OAuth. Lasso…

4 votes and 0 comments so far on Reddit

Backwards program slice stitching for automatic CTF problem solving. - ChrisTheCoolHut/Rocket-Shot

BlackEye Phishing Kit in Python w Serveo Subdomain Creation - M4cs/BlackEye-Python

Video Walkthrough: Introduction: This week’s retiring machine is Bounty, which is a beginner-friendly box that can still teach a few new tricks.  Bounty is rated 4.8/10, which I feel is prett…

PoC for persisting .NET payloads in Windows Notification Facility (WNF) state names using low-level Windows Kernel API calls. - ustayready/CasperStager

Technitium DNS Server is an open source software that can be effectively used to block Internet Advertisements (Ads), adware and, malware o...

The use of a Wall of Sheep is nice to raise the security awareness of your audience. A Wall of Sheep is a tool used to demonstrate what can happen when users connect to a wild network without a minimum level of security. The non-encrypted traffic is analyzed…

The acquisition is by far IBM's largest deal ever, and third-biggest in the history of U.S. tech.

Systemd has a remotely exploitable bug in it's DHCPv6 client. That means anybody on the local network can send you a packet and take control...

File upload vulnerability scanner and exploitation tool. - almandin/fuxploider