It was an ordinary Thursday on 4.04.2019. Except that at some point of the midday timeline an AS60280 belonging to Belarus’ NTEC leaked 18600 prefixes o...

DDoS attacks have always been a major threat to network infrastructure and web applications. Attackers are always creating new ways to exploit legitimate services for malicious purposes, forcing us to constantly research DDoS attacks in our CDN to build advanced…

On March 13, a proposal for the RIPE anti-abuse working group was submitted, stating that a BGP hijacking event should be treated as a policy violation. In case...

Exposing /var/run/docker.sock could lead to full environment takeover.

Securely manage your assets on-the-go from your smartphone with the Ledger Nano X, and keep the Ledger Nano S for at-home use or in a safe storage as a backup device.

Yahoo today has been learnt offering $177.5 Million to settle a lawsuit related to its 2013 data breach incident which compromised 3 billion user records, the biggest data breach in the history of man

Cybercrime is real, and your personal data can be used by malicious parties for whatever reasons they have.

0 votes and 0 comments so far on Reddit

Extract and aggregate threat intelligence. Contribute to InQuest/ThreatIngestor development by creating an account on GitHub.

Collect info about email addresses from Pastebin dumps.

0 votes and 0 comments so far on Reddit

RedCross was a maze, with a lot to look at and multiple paths at each stage. I’ll start by enumerating a website, and showing two different ways to get a cookie to use to gain access to the admin panel. Then, I’ll get a shell on the box as penelope, either…

Quick Summary Hey guys today RedCross retired and here is my write-up about it. To get an initial shell on this box there are two ways , first one is to exploit an authenticated RCE which gives you a shell as www-data , then escalate to root. The second way…

[Linux] Two Privilege Escalation techniques abusing sudo token - nongiach/sudo_inject

Exploiting a known XXE in Apache Solr through OpenCMS handleSolrSelect, to read arbitrary files from the OpenCMS' server.

This writeup is for the command injection in TimeMachine diagnose extension, affects 10.12.x-10.14.3

Schneider Electric SE recently fell victim to a breach of its safety system, which crippled operations at a critical infrastructure facility in the Middle East. It’s the first reported attack on a safety instrumented system...

Recently 2 vulnerabilities in Envoy