This is @newp_th.This issue is very similar to my previous report on Reflected XSS on Stack Overflow.

The security researcher Bruno Keith from the Phoenhex group published a PoC code for a remote code execution flaw in Microsoft Edge browser (CVE-2018-8629).

Doing everything manually is cool, but how do we save time and money? A lot of times most of the enumeration stuff can be automated. But…

Slides from my talk at the OFFZONE 2018 conference (https://www.offzone.moscow/report/hunting-for-privilege-escalation-in-windows-environment/)

A collection of hacking tools, resources and references to practice ethical hacking. - sundowndev/hacker-roadmap

Introduction The Cybaze-Yoroi ZLab researchers investigated a recent espionage malware implant weaponized to target companies in the Italian automotive sector. The malware was spread through well written phishing email trying to impersonate a senior partner…

Hi, This is Yogesh Tantak a Security Researcher from India. Today I am writing about a critical bug that I found in Google’s new Product…

Hello again. In my previous posts I detailed how to manually get SYSTEM shell from Local Administrators users. That’s interesting but very late game during a penetration assessment as it is presumed that you already owned the target machine.

Recently I had to write a kernel-mode driver. This has made a lot of people very angry and been widely regarded as a bad move. (Douglas…

A review of my bug hunting journey so far, from when I started, to the point where I made it into the Top 200 bug hunters on Bugcrowd after two years.

Summary

This little technique can force your blind XXE to output anything you want!

Hi Guys,

Part-1