Armis, the cyber-security firm that discovered the BlueBorne vulnerabilities in the Bluetooth protocol, warns that nearly half a billion of today's "smart" devices are vulnerable to a decade-old attack known as DNS rebinding.

With Gmail’s new design rolled out to more and more users, many have had a chance to try out its new “Confidential Mode.” While many of its features sound promising, what “Confidential Mode” provides

Intro - Testing Google Sites and Google Caja In March 2018, I reported an XSS in Google Caja, a tool to securely embed arbitrary html/javascript in a webpage. In May 2018, after the XSS was fixed, I r

In the previous post in this series, I introduced the use case of an attacker persisting via a LaunchAgent/Daemon, and a few osquery…

The injected malware uses EXIF format to hide the code and the compromised images are available on Google+ and GoogleUserContent sites.

Guest Post: ARTEMIS is a new defence system for network operators that can reduce BGP hijack detection and mitigation times from hours/days to a few seconds or minutes.

#NoFilter

Spoof SSDP replies to phish for credentials and NetNTLM challenge/response. Creates a fake UPNP device, tricking users into visiting a malicious phishing page. Also detects and exploits XXE...

Incredibly fast crawler designed for OSINT. Contribute to s0md3v/Photon development by creating an account on GitHub.

Pathbrute. Contribute to milo2012/pathbrute development by creating an account on GitHub.

Learn how to use PowerShell to find disabled or inactive user accounts in Active Directory in this helpful article by PowerShell MVP Jeff Hicks.