Attack detection has been a part of information security for decades. The first known intrusion detection system (IDS) implementations d...

Combine a bug in Antidote, a popular enterprise spellchecker, and unsafe defaults in Active Directory, and you get more NTLM hashes than you can deal with.

Attack detection has been a part of information security for decades. The first known intrusion detection system (IDS) implementations date back to the early...

Research by: Nadav Grossman Introduction In this article, we tell the story of how we found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer. The exploit works by just extracting an archive, and…

A noscripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs. - SolomonSklash/chomp-scan

Users of WP Cost Estimation & Payment Forms Builder and Simple Social Buttons plugins urged to update.

A powerful target reconnaissance framework powered by graph theory. - pownjs/pown-recon

0 votes and 0 comments so far on Reddit

# Analyzing HijaIyh (APPLE SCAMPAGE V2) phishing kit Today I found an interesting phishing kit targ

0 votes and 1 comment so far on Reddit

If you are working in a digital marketing sphere, most of your work is done online, from managing social media channels to monitoring…

Being a bug bounty hunter, I face a lot of competition. Lots of companies are willing to issue rewards for vulnerabilities in their…

After Jenkins released the [Security Advisory](https://jenkins.io/security/advisory/2018-12-05/#SECURITY-595) and fixed the dynamic routing vulnerability on 2018-12-05, I started to organize my notes in order to write this Hacking Jenkins series. While reviewing…

This article is mainly about a brief security review on Jenkins in the last year. During this review, we found 5 vulnerabilities including: CVE-2018-1999002(Arbitrary file read vulnerability), CVE-2018-1000600(CSRF and missing permission checks in GitHub…

Exploitation from WAN to LAN

IDS/IPS malware download evasion. Contribute to Eplox/evador development by creating an account on GitHub.

Last week (2019-02-11) a new vulnerability in runC was reported by its maintainers, originally found by Adam Iwaniuk and Borys Poplawski. Dubbed CVE-2019-5736, it affects Docker containers running in default settings and can be used by an attacker to gain…

Cloud Based Fully Automated Reconnaissance Tool

Venom - A Multi-hop Proxy for Penetration Testers Written in Go - Dliv3/Venom