I know this one took a bit longer, but I've finally finished up my Vulnserver LTER write-up. Vulnserver LTER - Introduction If you have not been following along, I'm slowly writing all the exploits for vulnserver. This one will be … Continue reading →

The contractor, Harold Martin, was arrested in 2016, but investigators never found evidence that he had shared stolen classified information with anyone.

RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router which was inadequately patched by the vendor.

Several flaws have been identified in the latest version of Magento 2, allowing an attacker to obtain complete control over the server. We're now releasing the exploit for the unauthenticated SQL injection. We'll release the details for the RCE vulnerability…

We introduce Commando VM, a tool for penetration testers who use Windows.

Cisco blacklists curl instead of fixing vulnerable code. No new patches available, meaning devices still vulnerable to attacks.

Writing YARA rules based on executable code within malware can be a tedious task. An analyst cannot simply copy and paste raw executable code into a YARA rule, because this code contains variable v…

privacytools.io provides knowledge and tools to protect your privacy against global mass surveillance.


Website: privacytools.io


In cooperation with: OpenNIC.org

Get the [almost] full list of MAC addresses that were targeted in the ASUS breach, and share our pain in the short story of extracting them.

0 votes and 0 comments so far on Reddit

0 votes and 0 comments so far on Reddit

On Friday, January 25, 2019, our honeypots detected opportunistic scanning activity from multiple hosts targeting Cisco Small Business RV320 and RV325 routers. A vulnerability exists in these routers that allow remote unauthenticated information disclosure…

TLS CBC Padding Oracle Checker. Contribute to Tripwire/padcheck development by creating an account on GitHub.

Quick Summary Hey guys today Curling retired and here is my write-up about it. I had a lot of fun doing this box as it was easy and simple. Also it was straightforward , no rabbit holes and such things. It’s a linux box and its ip is 10.10.10.150 I added…

This post will conclude my Vulnserver LTER SEH exploit. Vulnserver LTER SEH - Part 2 If you haven't read Part 1 yet, then I recommend you start there. That said, I last left off with a newly generated reverse shell … Continue reading →

a "Proof of Concept or GTFO" mirror with extra article index, direct links and clean PDFs. - pocorgtfo/README.md at master · angea/pocorgtfo

Preface On March 4, I reported a security vulnerability in kubectl to the Kubernetes and OpenShift security teams, which was assigned CVE-2019-1002101. This post explains the discovery process, the vulnerability details and its impact and exploitation methods.…

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@fireeye.com - fireeye/commando-vm

Table of Contents: Overview Dedication A Word of Warning! Section 1: Getting Comfortable with Kali Linux Section 2: Essential Tools in Kali Section 3: Passive Reconnaissance Section 4: Active Reconnaissance Section 5: Vulnerability Scanning Section 6: Buffer…