Attack detection has been a part of information security for decades. The first known intrusion detection system (IDS) implementations date back to the early...

Research by: Nadav Grossman Introduction In this article, we tell the story of how we found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer. The exploit works by just extracting an archive, and…

A noscripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs. - SolomonSklash/chomp-scan

Users of WP Cost Estimation & Payment Forms Builder and Simple Social Buttons plugins urged to update.

A powerful target reconnaissance framework powered by graph theory. - pownjs/pown-recon

0 votes and 0 comments so far on Reddit

# Analyzing HijaIyh (APPLE SCAMPAGE V2) phishing kit Today I found an interesting phishing kit targ

0 votes and 1 comment so far on Reddit

If you are working in a digital marketing sphere, most of your work is done online, from managing social media channels to monitoring…

Being a bug bounty hunter, I face a lot of competition. Lots of companies are willing to issue rewards for vulnerabilities in their…

After Jenkins released the [Security Advisory](https://jenkins.io/security/advisory/2018-12-05/#SECURITY-595) and fixed the dynamic routing vulnerability on 2018-12-05, I started to organize my notes in order to write this Hacking Jenkins series. While reviewing…

This article is mainly about a brief security review on Jenkins in the last year. During this review, we found 5 vulnerabilities including: CVE-2018-1999002(Arbitrary file read vulnerability), CVE-2018-1000600(CSRF and missing permission checks in GitHub…

Exploitation from WAN to LAN

IDS/IPS malware download evasion. Contribute to Eplox/evador development by creating an account on GitHub.

Last week (2019-02-11) a new vulnerability in runC was reported by its maintainers, originally found by Adam Iwaniuk and Borys Poplawski. Dubbed CVE-2019-5736, it affects Docker containers running in default settings and can be used by an attacker to gain…

Cloud Based Fully Automated Reconnaissance Tool

Venom - A Multi-hop Proxy for Penetration Testers Written in Go - Dliv3/Venom

The Simple – Better Banking Android application was affected by an information disclosure vulnerability that leaked user passwords to the keyboard autocomplete functionality. If exploited, this vulnerability could be leveraged to gain unauthorized access…

Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.