Four years later, the 2012 LinkedIn breach just got way worse.

In a recent post I was talking about a shellcode technique to bypass firewalls based on the socket's lifetime which could be useful for ve...

## Introduction

In Steam and other valve games (CSGO, Half-Life, TF2) there is a functionality to find game servers called the server browser. In order to retrieve the information about these...

Quick Summary Hey guys today Carrier retired and here is my write-up about it. User on this box wasn’t hard to get , but for root it’s a different thing because we will go through some networking tricks and we will perform an attack called bgp hijacking.…

A web application to transfer PowerShell modules, executables, snippets and files - AdrianVollmer/PowerHub

3 msfvenom payloads under the microscope

After recently wrapping up Forshaw's awesome Attacking Network Protocols , it felt like a good time to take a break from the purely technic...

Kunle Shonaike Developments in vehicle security over recent years have made it increasingly difficult for thieves to steal vehicles by conventional means and this has led to thieves using burglary...

Learn how to bypass MaxScale's Firewall and Masking filters using SQL comments

«Nemesida WAF» Free provides the base security level of web-applications and API. «Nemesida WAF» Free has simple installation and exploitation, doesn’t have high requirements to hardware resources.

Based on the increased interest in User Account Control (UAC) bypass research as of late, we've decided to read more on the subject and attempt to identify some sort of a pattern which ultimately led...

a subdomain brute forcing tool for windows. Contribute to visualbasic6/subdomain-bruteforce development by creating an account on GitHub.

🛠 Tools and noscripts to manipulate Android APKs. Contribute to ViRb3/apk-utilities development by creating an account on GitHub.

Lists the most common web application threats

Building your own disassembly tooling for — that’s right — fun and profit

A flowchart explaining the implementation of secure registration using the combination of username, email, and mobile number.

While researching a web application last February, I learned about Slanger, an open source server implementation of Pusher. In this post I describe the discovery of a critical RCE vulnerability in …

OGNL Injection attack explained. Learn to exploit OGNL Injection in Apache Struts

Many of the security vulnerabilities inherent to deploying IoT can be mitigated by utilising a SDP, parallel networks and encouraging collaboration.