During a red team exercise it's common to set up a relaying infrastructure to separate your external facing footprint from the actual command and control backend. Some of the popular light-weight options are to set up either HAProxy or NGINX on disposable…

Security researchers have discovered a new Malspam campaign exploiting the recently discovered WinRAR ACE flaw to install malware on the computer

The demonstrates CVE-2018-4233 on iOS. This should work on all 64bit iOS 10 devices but currently the kernel exploit has kernel offsets hardcoded for an iPod7,1 10.1.1 until I manage to add liboffs...

Security researchers have discovered a critical remote execution vulnerability in WinRAR software affecting all versions.

How an anomalous space led to fingerprinting Summary On the 2nd of January 2019 Cobalt Strike version 3.13 was released, which contained a fix for an “extraneous space”. This uncommon w…

Google is by far the best search engine, with the most developed algorithms and the largest database of sites. Unfortunately, it is also well known for monitoring its users and using your search history to target ads.

Google Storage is a GCP service that hosts files within GCP "buckets”. Enumerating vulnerable GCP buckets can identify potential cloud weaknesses.

0 votes and 0 comments so far on Reddit

ConsenSys Diligence is deploying vulnerable contracts on purpose.

New TLS Padding Oracles. Contribute to RUB-NDS/TLS-Padding-Oracles development by creating an account on GitHub.

0 votes and 0 comments so far on Reddit

0 votes and 2 comments so far on Reddit

WebARX web application firewall engine now allows you to make your own firewall rules. Plans starting from $4.99/month - start your free trial now.

Threat actors have already started exploiting recently patched Drupal RCE flaw (CVE-2019-6340) to deliver cryptocurrency miners

Two recently discovered vulnerabilities affecting SHAREit Android application

Threat actors have already started exploiting recently patched Drupal RCE flaw (CVE-2019-6340) to deliver cryptocurrency miners

Some of my exploits. Contribute to cfreal/exploits development by creating an account on GitHub.

JonLuca’s Blog - A blog about tech, programming, and information

The results are in! After an impressive 59 nominations followed by a community vote to pick 15 finalists, a panel consisting of myself and noted researchers Nicolas Grégoire, Soroush Dalili and Filede

Drupal Honeypot. Contribute to d1str0/Drupot development by creating an account on GitHub.

A real-life story from our experience of configuring the G-Suit for the company and how it ended in us unintentionally stealing personal data.