Cryptography Dispatches is [Filippo Valsorda](https://blog.filippo.io/hi)'s newsletter. It tries to bring longer form discussion of the cryptography engineering topics touched on [@FiloSottile](https://twitter.com/FiloSottile), but broader breath than those…

This is a follow up article to the previous piece that I wrote - How I hacked into a college’s website to obtain the student’s database.

TL;DR LeakLooker has more to offer, now you can hunt for Gitlab, Jenkins, SonarQube, Samba and Rsync. In addition, it supports custom…

Jump Ahead: Enum – Initial Creds – Rev. Shell – User – Root – Resources – Special Thanks TL;DR; Overall, I really enjoyed this box! Other than initial enumeratio…

Quick Summary Hey guys today Chaos retired and here’s my write-up about it. Chaos was a CTF-style machine, I can’t say that it simulated a real life situation. I had fun solving this box, some steps were straightforward others were very tricky. About main…

The Australian Cyber Security Centre (ACSC) is aware of a security incident affecting the Australian online design platform, Canva.

Unpacking and reverse engineering of Bitmain AntMiner Z11 firmware.

Malware has been using unicode since time ago, to hide / obfuscate urls, filenames, noscripts, etc... Right-to-left Override character (e2 80 ...

On the last day of 2018, I discovered a type confusion vulnerability in Internet Explorer that yields a clean write-what-where primitive. It patched this April as CVE-2019-0752 . As an exercise, I wrote a full exploit for this vulnerability using an original…

I have recently joined a startup and have been a part of their InfoSec team. Recently this thought popped up in my mind that I should…

Over the last few weeks, I’ve had conversations with several individuals around mitigating lateral movement in a Windows environment. In…

A while ago I started a project for managing real-word web honeypots. I initially built it to manage some WordPress honeypots but after…

Tool to extract Kerberos tickets from Linux kernel keys. - TarlogicSecurity/tickey

0 votes and 1 comment so far on Reddit

I’ve written a couple of times on the subject of boot loaders and full disk encryption, but I haven’t really explored it in more detail. With this blog post I hope to dive a bit deeper …

Password Breach Hunting and Email OSINT locally or using premium services. Supports chasing down related email - khast3x/h8mail

Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX

Sample pentest report provided by TCM Security. Contribute to hmaverickadams/TCM-Security-Sample-Pentest-Report development by creating an account on GitHub.

0 votes and 0 comments so far on Reddit

In this blog post we will walk through how throwing 160 distributed CPUs at a fuzzing target that takes initially one year of CPU time can shorten the fuzzing time substantially. Also we will share test-cases where throwing more CPUs … Read More