Since the support of goo.gl has already ended, I’ve been looking for ways to shorten URLs using Google services. Some time ago I’ve found a bug that allowed me to shorten links using Google’s official g.co shortener. This time I took a look at Firebase Dynamic…

Cylance Inc., the leading provider of AI-driven, prevention-first security solutions, today announced the availability of its virtual chief information sec

Schedule, talks and talk submissions for NoNameCon 2019

Many posts have pointed out that a malicious MySQL server can use the LOAD DATA LOCAL command to read arbitrary files from MYSQL clients. According to this article (chinese) phpMyAdmin开启远程登陆导致本地文件读取, We can read arbitrary file on phpMyAdmin server if $cf…

Magellan is a remote code execution vulnerability that exists in SQLite. As a well-known database, SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence. After testing Chromium was…

Magellan is a remote code execution vulnerability that exists in SQLite. As a well-known database, SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence. After testing Chromium was…

Posts about hacking, coding and other stuffs

This proof-of-concept crashes the Chrome renderer process using Tencent Blade Team's Magellan SQLite3 bug. It's based on a SQLite test case from the commit that fixed the bug.

2 votes and 0 comments so far on Reddit

Tim May - Cypherpunks co-Founder, Discoverer of Radiation-Induced Single Event Upsets in Integrated Circuits, Uncompromising Firearms Proponent Word has reached me that my dear friend,...

Google Code-in is an online programming competition for students hosted by Google that takes place every year. When I was singing up for a second time, I put a payload into all the text fields. I didn’t expect anything to happen, but when I clicked the submit…

1 vote and 0 comments so far on Reddit

Draw loci corresponding to radio transmission multilateration - jurasofish/multilateration

some words on the security implications of locally hosted web services

The field of computer security has military origins, and focuses on defending expert users from powerful adversaries. Traditionally there’s been little attention to the security needs of the most vulnerable. But that’s started to change recently. [Thread]

This post is going to go over a very quick domain compromise by abusing cached Kerberos tickets discovered on a Linux-based jump-box…

No matter how secure your password might be, deep learning and neural networks with audio detection techniques could mean you are vulnerable!

Quick Summary
Waldo was a great box and what makes it special is its unique way in getting the root flag. Every step with this box was very fun and I liked this box too much.
It’s a linux box and its ip is 10.10.10.87 so let’s jump right in




Nmap
Starting…

Phishing attacks are the most common form of infiltration used by Iranian state-backed hackers to gain access into accounts. Certfa reviews the latest campaign of phishing attacks that has been carried out and dubbed as “The Return of The Charming Kitten”.

Greetings! During penetration testing projects we often encounter tightly segmented networks that are almost completely isolated from the outside world. Sometimes, to solve this problem it is required of us to forward traffic through the only available protocol…