This is a story about how I (re)discovered an exploitation technique and took a bug with fairly limited impact to a 5 digit bounty by…

Back when I started doing red team engagements for Komodo, bypassing AV solutions was quick and trivial, almost a ‘non-brainer.’ Just change some strings, recom

Information Security / Cyber Security Thoughts, Opinions, and Ideas!

COM Hijacking technique has a simple theoretical basis, similar to the DLL Hijacking one: What does it happen when an application searches for a non-existent COM object on the computer where it is being executed? Or when such object exists but it cannot be…

0 votes and 0 comments so far on Reddit

It was an ordinary Thursday on 4.04.2019. Except that at some point of the midday timeline an AS60280 belonging to Belarus’ NTEC leaked 18600 prefixes o...

DDoS attacks have always been a major threat to network infrastructure and web applications. Attackers are always creating new ways to exploit legitimate services for malicious purposes, forcing us to constantly research DDoS attacks in our CDN to build advanced…

On March 13, a proposal for the RIPE anti-abuse working group was submitted, stating that a BGP hijacking event should be treated as a policy violation. In case...

Exposing /var/run/docker.sock could lead to full environment takeover.

Securely manage your assets on-the-go from your smartphone with the Ledger Nano X, and keep the Ledger Nano S for at-home use or in a safe storage as a backup device.

Yahoo today has been learnt offering $177.5 Million to settle a lawsuit related to its 2013 data breach incident which compromised 3 billion user records, the biggest data breach in the history of man

Cybercrime is real, and your personal data can be used by malicious parties for whatever reasons they have.

0 votes and 0 comments so far on Reddit

Extract and aggregate threat intelligence. Contribute to InQuest/ThreatIngestor development by creating an account on GitHub.

Collect info about email addresses from Pastebin dumps.

0 votes and 0 comments so far on Reddit

RedCross was a maze, with a lot to look at and multiple paths at each stage. I’ll start by enumerating a website, and showing two different ways to get a cookie to use to gain access to the admin panel. Then, I’ll get a shell on the box as penelope, either…

Quick Summary Hey guys today RedCross retired and here is my write-up about it. To get an initial shell on this box there are two ways , first one is to exploit an authenticated RCE which gives you a shell as www-data , then escalate to root. The second way…