Security updates available for Flash Player

Feed the tool a .nessus file and it will automatically get you MSF shell - DanMcInerney/msf-autoshell

0 votes and 0 comments so far on Reddit

Get the slides and audio here: https://github.com/gamozolabs/adventures_in_fuzzing
Follow me on Twitter: https://twitter.com/gamozolabs

I gave a talk at NYU about some of the major tools I've worked on over the years and why they came to be.

0 votes and 6 comments so far on Reddit

0 votes and 6 comments so far on Reddit

tl;dr gVisor is Google’s sandboxing technology for containers running less-than-fully-trusted code. It’s a Golang reimplementation of the Linux kernel that r...

Combining manual penetration testing and automated security testing results in a comprehensive and effective approach to safety

The darkening mood within the social-media giant is notable in part because its workforce has been resilient through other difficult patches in the past. That includes the period after the 2016 pre…

This article examines the latest attack vector to surface: using Google Bots. It examines how search engines sue bots to help index websites, explains how such attacks happen and how to counter them. Code samples are included.

This blog post examines how PHP stream wrappers can be used to bypass keyword based blacklists. It includes an examination of the generic functions that can be used to interact with streams, the concept of stream-context and steam filters. It also looks at…

Addressing Shadow IT, legacy and abandoned applications for a holistic risk management program.

0 votes and 1 comment so far on Reddit

Recovering Supposedly-Encrypted Files Without the Key

On Tuesday, I wrote about a serialization vulnerability fixed in the last version of wp-gdpr-compliance plugin.

Bettercap is a man-in-the-middle (MITM) attack tool developed to for users who are likely to be penetration testers to test and improve the security of networks or some devices connected to these networks.

I discovered multiple vulnerabilities in the RegistrationSharing module of the Subnoscription Management Tool provided by SUSE for enterprise customers that leads to unauthenticated RCE

Beginning Writing shellcode is an excellent way to learn more about assembly language and how a program communicates with the underlying OS. Put simply shellcode is code that is injected into a running program to make it do something it was not made to do.…

Low interaction honeypot designed for Android Debug Bridge over TCP/IP - huuck/ADBHoney

TL;DR: We were wondering whether price affects the security of IoT appliances. So we verified the security of two differently priced connected home alarm systems. Both IoT alarms are marketed as an…