This story begins with a series of fails, but why? That is because of my special relationship with the Microsoft Exchange codebase…

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

Mainstream appreciation for cyberattacks targeting continuous integration and continuous delivery/continuous deployment (CI/CD) pipelines has been gaining momentum. Attackers and defenders increasingly understand that build pipelines are highly-privileged…

Hey, it’s me again back with another checklist. I saw various articles and tools specifically designed to exploit one vulnerability. It…

Checklist of the most important security countermeasures when designing, testing, and releasing your API - GitHub - shieldfy/API-Security-Checklist: Checklist of the most important security counter...

Simple parser for Telegram chats and channels with lemmatizer. Writes data in JSON and CSV. Your Telegram token is required! - GitHub - artmih24/TeleParser: Simple parser for Telegram chats and cha...

HazProne is a Cloud Pentesting Framework that emulates close to Real-World Scenarios by deploying Vulnerable-By-Demand AWS resources enabling you to pentest Vulnerabilities within, and hence, gain ...

<p>This blog post is part of series of two posts that describe weaknesses in Microsoft Excel that could be leveraged to create malicious phishing documents signed by Microsoft that load arbitrary code. These weaknesses have been addressed by Microsoft in…

Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique - GitHub - Cerbersec/Ares: Project Ares is a Proof of Concept (PoC) loader written in C/...

Free copy of The Cyber Plumber's Handbook. Contribute to opsdisk/the_cyber_plumbers_handbook development by creating an account on GitHub.

Contribute to thedarksource/shodan-dorks development by creating an account on GitHub.

JiuZhou is a data set of Ethereum bug smart contracts (ICSME 2020). - GitHub - xf97/JiuZhou: JiuZhou is a data set of Ethereum bug smart contracts (ICSME 2020).

A curated list of Android Security materials and resources For Pentesters and Bug Hunters - GitHub - saeidshirazi/awesome-android-security: A curated list of Android Security materials and resource...

On November 5, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Login/Signup Popup”, a WordPress plugin that is installed on over 20,000 sites. A few days later we discovered the…

Windows HTTP协议栈远程代码执行漏洞 CVE-2022-21907. Contribute to antx-code/CVE-2022-21907 development by creating an account on GitHub.

We will explore RDP security modes and learn how NetNTLMv2 hash capture via monster-in-the-middle works, putting it into practice using PyRDP.

IntroductionMany cloud service providers offer a "metadata" service on their virtual machines. These services offer sensitive details about the instance and cloud operating environment. Metadata services offer REST APIs to programmatically retrieve this data.…

Soc Implentaion

rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM binaries. - GitHub - 0vercl0k/rp: rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM binaries.

BLKSMTH | S2W TALON