Opensource, cross-platform and portable toolkit for automating routine processes when carrying out various works for testing!

Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all. - GitHub - cybersecsi/HOUDINI: Hundreds of Offensive and Useful Docker Images for Network Intrusion. The ...

During my 6-months intership, I developed a tool to ease vunerability research on Java applications.

Linux maintainers and vendors disclosed a heap overflow vulnerability in the Linux Kernel causing DoS, escape container or elevate privileges

Posted in r/netsec by u/Gallus • 88 points and 8 comments

A robust Red Team proxy written in Go. Contribute to chdav/GoWard development by creating an account on GitHub.

In this section, we'll explain the basics of information disclosure vulnerabilities and describe how you can find and exploit them. We'll also offer some ...

Security is the poster child of a Non-Functional Requirement: most people don’t care until the proverbial fecal matter hits the rotary propeller. Consequences can range from losing reputation to legal liability to putting the business out. In my post on running…

Over 90 WordPress themes, plugins backdoored in supply chain attack

(source: bleepingcomputer.com)
A product can be seen as a production line. That's what The Phoenix Project novel argues. It makes sense to me. Things gets assembled and passed around, work…

Part 5 of a series covering fuzzer development using LibAFL

Chrome is deprecating access to private network endpoints from non-secure public websites as part of the Private Network Access specification. Read on for recommended actions.

Writeup by: Oliver Lyak (ly4k)
Solved by: Zopazz, Oliver Lyak (ly4k)
QLaaS QLaaS (Qiling as a Service) was a Clone-and-Pwn challenge with difficulty Schrödinger …

In the last few days, Linux maintainers disclosed a broadly available Linux kernel vulnerability - CVE-2022-0185- what does it mean for Kubernetes?

The mobile banking malware BRATA keeps evolving. Read here the new Technical Report, which explains in detail how it monitors banks account and how to prevent it.

Our previous report on Cobalt Strike focused on the most frequently used capabilities that we had observed. In this report, we will focus on the network traffic it produced, and provide some easy w…

Or, how you could use GitHub to compromise 9.5K Twitter accounts without doing any “hacking”

TypeScript Scenario-Based Web Application Fuzzing Framework - GitHub - shfz/shfz: TypeScript Scenario-Based Web Application Fuzzing Framework