Introduction The Cybaze-Yoroi ZLab researchers investigated a recent espionage malware implant weaponized to target companies in the Italian automotive sector. The malware was spread through well written phishing email trying to impersonate a senior partner…

Hi, This is Yogesh Tantak a Security Researcher from India. Today I am writing about a critical bug that I found in Google’s new Product…

Hello again. In my previous posts I detailed how to manually get SYSTEM shell from Local Administrators users. That’s interesting but very late game during a penetration assessment as it is presumed that you already owned the target machine.

Recently I had to write a kernel-mode driver. This has made a lot of people very angry and been widely regarded as a bad move. (Douglas…

A review of my bug hunting journey so far, from when I started, to the point where I made it into the Top 200 bug hunters on Bugcrowd after two years.

Summary

This little technique can force your blind XXE to output anything you want!

Hi Guys,

Part-1

This blog post is an introduction to the reverse proxy “Modlishka” tool, that I have just released.
I hope that this software will reinforce the fact that social engineering is a serious threat, and cannot be treated lightly.

Code review is, hopefully, part of regular development practices for any organization. Adding security elements to code review is the most…

Games can be as fun as frustrating, when bugs ruin the fun for half of the player base, and the dev doesn’t care. So, I fixed it myself.

If you haven’t heard, universities around the world are offering their courses online for free (or at least partially free). These courses are collectively called MOOCs or Massive Open Online Courses.

List of Awesome Red Teaming Resources. Contribute to yeyintminthuhtut/Awesome-Red-Teaming development by creating an account on GitHub.

PA Toolkit is a collection of traffic analysis plugins focused on security - pentesteracademy/patoolkit