Happy New Year!🥳

We uncovered a large-scale, multi-phase campaign that adds a novel technique to traditional phishing tactics by joining an attacker-operated device to an organization’s network to further propagate the campaign.

As the proliferation of connected devices continues, it becomes imperative for organizations to monitor and manage them. But many organizations don’t really know what or how many assets they have. Effective cybersecurity asset management processes can help…

Source code of exploiting windows API for red teaming series - tbhaxor/WinAPI-RedBlue

IV pumps, ultrasounds, and monitors were at risk.

Estimated Reading Time: 8 minutesIn the past few weeks, I was working on a new project that could help me to solve an issue during a case I was facing, I needed a tool to help me pulling off my payload through DNS without being noisy or suspicious with the…

This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite". - ...

This article lists the most important security headers you can use to protect your website. Use it to understand web-based security features, learn how to implement them on your website, and as a reference for when you need a reminder.

Part 5 of a series covering fuzzer development using LibAFL

This channel has been created to share some of the good stuff in solving the CTF challenges. Our try will be to put writeup to some of the CTF challenges.

A Cross-Platform C++ parser library for Windows user minidumps with Python 3 bindings. - 0vercl0k/udmp-parser