Exploitation from WAN to LAN

IDS/IPS malware download evasion. Contribute to Eplox/evador development by creating an account on GitHub.

Last week (2019-02-11) a new vulnerability in runC was reported by its maintainers, originally found by Adam Iwaniuk and Borys Poplawski. Dubbed CVE-2019-5736, it affects Docker containers running in default settings and can be used by an attacker to gain…

Cloud Based Fully Automated Reconnaissance Tool

Venom - A Multi-hop Proxy for Penetration Testers Written in Go - Dliv3/Venom

The Simple – Better Banking Android application was affected by an information disclosure vulnerability that leaked user passwords to the keyboard autocomplete functionality. If exploited, this vulnerability could be leveraged to gain unauthorized access…

Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.

0 votes and 0 comments so far on Reddit

Our publications of the Swiss E-Voting Public Intrusion Test (PIT) - setuid0-sec/Swiss_E-Voting_Publications

Exploitation and mitigation bypasses for the new Drupal 8 RCE (SA-CORE-2019-003, CVE-2019-6340), targeting the REST module.

0 votes and 0 comments so far on Reddit

Quick Sumarry Hey guys today Zipper retired and here’s my write-up. Owning user on this box was challenging because we have to exploit an RCE vulnerability which is not really easy and then we have to get a stable shell to be able to enumerate, for the privilege…

A Hacker's Blog of Unintended Use and Insomnia.

New tools, old methods. Down the RE’ing rabbit hole to exploit a fatal flaw in an otherwise great password manager (1Password 4).

The HHS’ Office for Civil Rights has announced its third HIPAA financial penalty of 2018 - The 4th largest HIPAA penalty ever issued.

A new technique is being used by scammers to hide their phishing websites. This novel phishing attack uses a custom web font to render ciphertext as plaintext. The tactic is being used in phishing scams impersonating major U.S. banks.

A Reddit user has discovered a method to bypass recently introduced Face ID and Touch ID authentication for WhatsApp iOS version

Hi Guys, This is yet another a security vulnerability writeup about a chain of security vulnerabilities that linked up to compromise one…

A group of academics have found three new security flaws in 4G and 5G, which they say can be used to intercept phone calls and track the locations of cell phone users. The findings are said to be the first time vulnerabilities have affected both 4G and the…

The deep thinkers approach to OSINT. What if all you had was a search engine? A complete and total focus on observable evidence linked by inferences.