Metasploit’s Development Diaries series sheds light on how Rapid7’s offensive research team analyzes vulnerabilities as potential candidates for inclusion in Metasploit Framework.

Minimal docker container of Parrot OS for running an automated pentest. - vishnudxb/automated-pentest

$50 Million CTF from Hackerone - Writeup. Contribute to manoelt/50M_CTF_Writeup development by creating an account on GitHub.

Dont rely on AntiVirus (AV) as your security conrnerstone. Bypassing AV (Windows Defender) is still as trivial as ever ... Part II.

Advanced information gathering and target recon tool for OSINT activities.

A walkthrough of exploiting NVIDIA GeForce Experience through arbitrary file overwrites, CVE-2019-5674.

To kick off this series on offensive security techniques, I am going to begin with what I consider to be the most important aspects of pentesting. Passi...

PoC to bypass Android restrictions. Contribute to quarkslab/android-restriction-bypass development by creating an account on GitHub.

Unlike an inventory of machines or services, user identities are usually already managed by existing G-Suite, Okta, Salesforce, or Microsoft Office 365. Almost all of these enterprise services expose OpenID Connect identity providers which are a suite of…

0 votes and 0 comments so far on Reddit

Security BSides San Francisco is a two-day information security conference. It is a conference by the community for the community.

A brand new technique for detecting the content-type and the HTTP status of the cross-origin response via object typemustmatch attribute.

I know this one took a bit longer, but I've finally finished up my Vulnserver LTER write-up. Vulnserver LTER - Introduction If you have not been following along, I'm slowly writing all the exploits for vulnserver. This one will be … Continue reading →

The contractor, Harold Martin, was arrested in 2016, but investigators never found evidence that he had shared stolen classified information with anyone.

RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router which was inadequately patched by the vendor.

Several flaws have been identified in the latest version of Magento 2, allowing an attacker to obtain complete control over the server. We're now releasing the exploit for the unauthenticated SQL injection. We'll release the details for the RCE vulnerability…

We introduce Commando VM, a tool for penetration testers who use Windows.

Cisco blacklists curl instead of fixing vulnerable code. No new patches available, meaning devices still vulnerable to attacks.

Writing YARA rules based on executable code within malware can be a tedious task. An analyst cannot simply copy and paste raw executable code into a YARA rule, because this code contains variable v…

privacytools.io provides knowledge and tools to protect your privacy against global mass surveillance.


Website: privacytools.io


In cooperation with: OpenNIC.org

Get the [almost] full list of MAC addresses that were targeted in the ASUS breach, and share our pain in the short story of extracting them.