Explore expert insights on pentesting/bug bounty hunting on this blog, your go-to resource for cutting-edge web security research.

Popular chat apps, including LINE, Slack, Twitter DMs and others, can also leak location data and share private info with third-party servers.

A centralized resource for previously documented WDAC bypass techniques - bohops/UltimateWDACBypassList

Contribute to Vi45en/Pesidious development by creating an account on GitHub.

Telegram’s built-in contact import feature was exploited to leak the personal data of millions of users onto the darknet

Together with CISA and the FBI, US Cyber Command wish Russian state hackers a "Happy Halloween!"

A few days ago I started playing with some idea I had from a few weeks already, using a Raspberry Pi Zero W to make a mini WiFi deauthenticator: something in my pocket that periodically jumps on all t

Scenario You have recovered Domain User credentials for a domain but have  no privileged or interactive access to any targets i.e. no Domain Admin account or any account that is capable of establis…

Recently, I discovered a small but potentially devastating vulnerability in the new Tor feature of the Brave browser. As of November 2nd 2020, Brave monthly users have massively increased their browser market share to 20 Million Monthly Active Users + 7…

iOS SSL Pinning Bypass (iOS 8 - 14). Contribute to evilpenguin/SSLBypass development by creating an account on GitHub.

Gitpaste-12 malware has many different ways of spreading itself to potential victims, and could be the first stage of a multi-stage hacking campaign.