This post has been written by me and two friends: @splinter_code and 0xea31 This is the “unintended” result of a research we did on Juicypotato exploit in order to find a possibl…

My write-up / walkthrough for Wall from Hack The Box.

Jump Ahead: Enum – Getting a Rev. Shell – Root – Resources – Shoutout TL;DR; To solve this machine we enumerate open ports – finding ports 80 and 22 open. Enumerating …

Posted by evo4ce - 50 votes and 2 comments

Description of how to pivot though the MySQL service. Turning MySQL into a SOCKS5 that can be used by proxychains.

High performance WordPress login bruteforcer with automatic concurrency for maximum amount of tries per second. - llebout/wpbrute-rs

LONDON, UK – Hundreds of thousands of documents from inside Formations House, a posh British finance firm located in central London, have been released online tonight. Formations House created thousands of companies for ultra-wealthy business-people for offshore…

Introduction
Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a breached database belonging to the American communications company, TrueDialog.

TrueDialog

[https://drive.google.com/file/d/0B-OpLAp8EyTfbEVfTm5OdkVXT2s/view?usp=sharing](https://drive.google.com/file/d/0B-OpLAp8EyTfbEVfTm5OdkVXT2s/view?u...

The penetration testing company Practical Pentest Labs has recently come under fire for how they handle user passwords. The passwords for user accounts were sent via email to users upon sign up in clear text. The argument was made that these could be intercepted…

Faisal's Blog

Just a normal flask web app to understand win32api with code snippets and references.

Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit. - 0vercl0k/CVE-2019-11708

In the year 2009, PHP 5.3 was released, bringing with it major new features like namespaces and lambda functions. At the time, there was…

Hello Everyone, Today I will be sharing a very interesting technique of exploiting an XXE which was discovered from what I know by https...

TL;DR: This is a story how I accidentally found a common vulnerability across similar web applications just by reusing cookies on…

Towards a more open, contributor friendly, vendor neutral model for accelerated learning in InfoSec

Packet communication investigator. Contribute to michoo/pci development by creating an account on GitHub.

We've all seen it - a conference presentation drops a fancy new technique, and a hot new tool is released. Then over the following months and years, the environment changes and the tool is left unmain