I’m going to go over an interesting feature abuse that could have been used to steal and even manipulate downloads from Slack users using the Slack desktop app on Windows. The vulnerability was…

More than 25,000 Linksys Smart Wi-Fi routers are currently impacted by an information disclosure vulnerability which allows remote and unauthenticated access to a vast array of sensitive device information.

Twitter ID Confirmator
===

## Summary
Recently I discovered a privacy-related vulnerability in Twitter. An attacker exploiting this vulnerability can identify a user when they visit a malicious...

0 votes and 1 comment so far on Reddit

Quick Summary Hey guys today Conceal retired and here’s my write-up about it. Conceal was a straightforward fun box, The only tricky part about it is gaining IPSEC connection to gain access to some filtered services. That first part involved some guessing…

My blog, mostly about programming

A list of useful payloads and bypass for Web Application Security and Pentest/CTF - swisskyrepo/PayloadsAllTheThings

In the previous article I Disassembled a simple password validator go program. In this one lets go a big bigger. I will try to reverse a…

Posted by Kurt Thomas and Angelika Moscicki Every day, we protect users from hundreds of thousands of account hijacking attempts. Most at...

0 votes and 0 comments so far on Reddit

Azure Apps are often subject to subdomain takeovers, or you might even want to use Azure Apps for Command and Control!

What is believed to be a nation-state sponsored hacking group has managed to infect around half a million routers with VPNFilter malware. VPNFilter is a modular malware that can carry out various functions, including the reviewing all communications, beginning…

The internet has been aflame with discussions around three leaks of internal information from APT groups attributed with the Islamic Republic of Iran. One of these leaks was written up by the security firm ClearSky and details what appears to be an offensive…

I just recently joined a startup and have been a part of their InfoSec team. Recently this thought popped up in my mind that I should…

This article is being re-published originally written by me one year back.

We used to think of Telegram as a reliable and secure transmission medium for messages of any sort. But under the hood, it has a rather…

Twitter: @s4tan Sojobo GitHub project: https://github.com/enkomio/Sojobo Sojobo is a new binary analysis framework written in .NET and b...

0 votes and 5 comments so far on Reddit

Conducting a thorough forensic investigation of compromised machines is integral to incident response. However, it can be a challenging task because it requires the device to be in the corporate network and for additional software to be deployed, or for SecOps…

Linux systems running LXD are vulnerable to privilege escalation via multiple attack paths, two of which are published in my “lxd_root” GitHub repository. This blog will go into the details of what I think is a very interesting path - abusing relayed UNIX…