On November 3rd, 2019, we have reported a critical vulnerability affecting the Android Bluetooth subsystem. This vulnerability has been assigned CVE-2020-0022 and was now patched in the latest security patch from February 2020. The security impact is as follows:…

Dear Facebook, please keep up with Electron and Chromium fixes, ta

In this section, we will describe what the DOM is, explain how insecure processing of DOM data can introduce vulnerabilities, and suggest how you can ...

Armis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices without any user interaction. CDP is a Cisco proprietary Layer 2…

Recently I needed to pentest an Android application. When I installed the app in my virtual device (Android Emulator), a pop up…

Hi everyone, After completing my OSCP certification I thought to give a try to bug bounty, as OSCP has sharpened my exploitationSkills.

HTML injection é um ataque muito parecido com o Cross-site Scripting (XSS), enquanto no XSS o invasor pode injetar e executar códigos em…

Bismillah hirrahman nirrahim.

it’s been a while since the last Christmas that i would share this story with you guys but i didn't have time (too busy slacking off)

You might not be aware of the Hackvertor extension I've been working on lately. It features tag based conversion that is far more powerful than the inbuilt decoder in Burp. The idea behind tag based c

Sleepy Puppy XSS Payload Management Framework. Contribute to Netflix-Skunkworks/sleepy-puppy development by creating an account on GitHub.

Technical overview of different way to spawn a reverse shell on a victim machine

How I Finally could Got into an Internal Network (and could accessing all of their internal assets) by Using Various Vulnerabilities.