Over time, the type of vulnerabilities seen in the web app landscape changes. One that has persisted year in, year out, is cross-site noscripting. It’s been a ...

Malicious apps on Google Play were trying to drop the Anubis banking malware on unsuspecting users. They were also using an innovative new evasion tactic.

1 vote and 0 comments so far on Reddit

Introduction Hey I’m back with another Buffer Overflow article and today we are going to do a really interesting exploit , Today we will finally escalate privileges using a vulnerable suid binary (you can know more about that by reading the first buffer overflow…

In 2017, while attempting to get some DRM-enabled video player to work on my Mac, I stumbled upon a hard-coded private key. The corresponding public key was used in a valid and publicly trusted Cis…

After spending many years working in information security, as a consultant, I've had the chance to audit a multitude of different systems invented and developed by many different people. While there is a lot to say about that, the focus of this article is…

This the Webinar: "The 1-Year Roadmap To Master Malware Analysis, Triple Your Salary Or Be The Star Of Your Response Team, Without Getting a New Certificate or Programming Skills"

1 vote and 0 comments so far on Reddit

Perception Point’s platform recently intercepted an attack leveraging the BYOB framework. This is the first time the BYOB framework is seen being used for fraudulent activity in the wild.

Finding and exploiting open instances of SickRage/SickChill.

Positive Hack Days is a unique global event. It is the only event which brings together the elite of the hackers' world, leaders of the information security industry and representatives of the Internet community to cooperate in addressing burning information…

A Chrome extension is stealing your credit card details with you knowing, do you have it installed on your device?

Abstract Content-Security Policy (CSP) is one of the most vital protection layers in client-side web security. A strict policy should n...

2 votes and 0 comments so far on Reddit

7 votes and 0 comments so far on Reddit

A small Bash utility used for pivoting into internal networks upon compromising a public-facing host. - itsKindred/PortPush

Welcome to CypherCon 4.0 (2019), Wisconsin’s Hacker Conference! Our conference provides hackers with an outlet to openly demonstrate and experience creativity and ingenuity through hands-on enlightening activities and thought provoking presentations and technical…

Quick Summary Hey guys Today SecNotes retired. SecNotes was a very nice box and I really liked that it mixed between windows and linux , and that’s because it was a windows box and it had windows subsystem for linux (WSL) installed.It was relatively easy.…

Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE Introduction and motivation How wireless device works and starts up Interaction between Wi-Fi SoC and driver Firmware analysis Static firmware file analysis…