The ‘Night City’ blackmarket is powered by ‘Droidcoin’. An anonymous crypto-currency. The rogue androids seem to have hacked the ‘Nighty…

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a...

All the information mentioned in this article are of my personal and aren’t the opinions of my past or present employer.

TL;DR : A page on domain manager.paypal.com was vulnerable to “Expression Language Injection” (JSTL) and I was able to extract some…

Hi Guys,

Andromeda - Interactive Reverse Engineering Tool for Android Applications - secrary/Andromeda

Yesterday, a new version of DOMPurify (very popular XSS sanitization library) was released, that fixed a bypass reported by us. In this post I’ll show how exactly the bypass looked like preceded by general information about DOMPurify and how it works. If…

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack - incredibleindishell/SSRF_Vulnerable_Lab

We demonstrate client side attacks and trojans are not exclusive to Windows with a Metasploit payload for an Ubuntu deb package that gives us a shell on Linux.

Interactive cross-site scripting (XSS) cheat sheet for 2025, brought to you by PortSwigger. Actively maintained, and regularly updated with new vectors.

In this section, we'll explain how to manipulate WebSocket messages and connections, describe the kinds of security vulnerabilities that can arise with ...