Conducting a thorough forensic investigation of compromised machines is integral to incident response. However, it can be a challenging task because it requires the device to be in the corporate network and for additional software to be deployed, or for SecOps…

Linux systems running LXD are vulnerable to privilege escalation via multiple attack paths, two of which are published in my “lxd_root” GitHub repository. This blog will go into the details of what I think is a very interesting path - abusing relayed UNIX…

Information released publicly by NCC Group's Cyber Defence team - nccgroup/Cyber-Defence

Introduction Recently, I installed Malwarebytes on my machine. I played around with it for a little and I noticed that something was off with the scanning of files on disk. Naturally, it tempted me into digging further to identify the root cause but I had…

I lost north of $100,000 last Wednesday. It evaporated over a 24 hour timespan in a “SIM port attack” that drained my Coinbase account.

We used to think of Telegram as a reliable and secure transmission medium for messages of any sort. But under the hood, it has a rather common combination of a-...

How to defend against this denial of service attack which can be used to deactivate firewalls from a number of vendors, for less than five dollars.

Have a checklist of tasks you perform every penetration test, such as SSH bruteforcing or port mapping? Automate it with Python and Metasploit! Unfortunately, there hasn’t been a working, full-featured Python library for making these tasks easy for many years…

Advanced Indicator of Compromise (IOC) extractor. Contribute to InQuest/python-iocextract development by creating an account on GitHub.

TL;DR: starting February 2020, DNS servers that don’t support DNS both over UDP and TCP may stop working. Bangkok, in general, is a strange place to stay. Of c...

A few years ago I discovered a technique to call functions in JavaScript without parentheses using onerror and the throw statement. It works by setting the onerror handler to the function you want to

The Air Force has reportedly seized an attorney's computer and phone as part of an investigation into whether the Navy improperly spied on defense attorneys.

Regardless of industry, size, or tech stack, modern organizations rely on secrets to operate their infrastructure. Increasingly, DevOps teams elect to build or migrate their infrastructure with the cloud. All too often, secure and scalable secret management…

Scanner PoC for CVE-2019-0708 RDP RCE vuln. Contribute to zerosum0x0/CVE-2019-0708 development by creating an account on GitHub.

Online dating is a common thing now, it is hard to find people to date and online dating apps makes it easier to do so and it is more…

Posted in r/programming by u/Aecial • 2,404 points and 73 comments

Contribute to SandboxEscaper/polarbearrepo development by creating an account on GitHub.

Whether you have never heard of this before, you don’t know enough about it, or you already know but care to hear different perspectives…