Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.   How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation…

Discover our new RDP man-in-the-middle tool. It features clipboard and file stealing, as well as the ability to see connections live or after the fact.

Microservices written in Golang versions earlier than 1.10.6 and 1.11.3 using mutual TLS authentication are vulnerable to CPU denial of service (DoS) attack

keybase-redirector is a setuid root binary. keybase-redirector calls the fusermount binary using a relative path and the application trusts the value of $PATH. This allows a local, unprivileged...

Introduction So first of all I know that there are many tutorials published about buffer overflow and binary exploitation but I decided to write this article because most of these tutorials and articles don’t really talk about the basic fundmentals needed…

2 votes and 0 comments so far on Reddit

Microsoft has released an out-of-band security update that fixes an actively exploited vulnerability in Internet Explorer.  This vulnerability has been assigned ID CVE-2018-8653 and was discovered by Google's Threat Analysis Group when they saw the vulnerability being…

It's the C version of https://github.com/mthbernardes/sshLooter - mthbernardes/sshLooterC

3 votes and 3 comments so far on Reddit

In this article, I would like to share a remote code execution vulnerability details of MailCleaner Community Edition product. Advisory Informations Remotely Exploitable: YesAuthentication Required: NOVendor URL: https://www.mailcleaner.net/Date of found: 19…

Due to an internal error, Amazon recently sent 1,700 Alexa voice files to an unauthorized customer. German computer magazine c't details what happened.

Amazon's Ring dominates the growing video doorbell market. But little is known about the company's secretive R&D lab in Kiev, Ukraine. Here's the story of how customer video footage is sent there for image recognition purposes, despite internal concerns.…

14 votes and 2 comments so far on Reddit

Proof of Concepts (PE, PDF...). Contribute to corkami/pocs development by creating an account on GitHub.

Forticlient LPE to SYSTEM 0day

1 vote and 0 comments so far on Reddit

“The indictment alleges that the defendants were part of a group that hacked computers in at least a dozen countries and gave China’s intelligence service access to sensitive business information,”

Microsoft have released an out-of-band patch in order to fix the zero day vulnerability that has been exploited by malicious users in attacks .