SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement. - synacktiv/SCCMSecrets

Using CSS and social engineering to identify juicy targets when performing watering hole attacks

Looking into the abuse of ITarian RMM and introducing Dolphin Loader

The following is a writeup for some Android specific chromium behaviors.

A resource containing all the tools each ransomware gangs uses - BushidoUK/Ransomware-Tool-Matrix

Note: I am not responsible for any bad act. This is written by Chirag Artani to demonstrate the vulnerability. - Sachinart/CVE-2024-38063-poc

TL;DR Introduction For mobile testing, be it for apps or hardware, having complete control over the device is essential for analysis and vulnerability assessment. Rooting an Android device allows us to gain root privileges, giving us full access to the OS…

Posted by Royal Hansen, VP, Privacy, Safety and Security Engineering, Google, and Phil Venables, VP, TI Security & CISO, Google Cloud The...

Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices - hubert3/iSniff-GPS

Surprisingly often, implementations include functionality where user input is passed to dangerous functions like PHP’s eval() - despite clear warnings. Often, devs are somewhat aware of this danger and attempt to sanitize the input, but this approach …

Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser

The Jenkins team released an advisory (CVE-2024-43044) for an arbitrary file read vulnerability that allows an agent to be able to read files

CVE-2024-37084 is a critical security vulnerability in Spring Cloud Skipper, specifically related to how the application processes YAML input. The vulnerability arises from the use of the standard...

Nuxt.js project

Introducing LLM-based harness generation for Java OSS-Fuzz projects.

What's Changed
🎉 New Features

Added ActionWaitDialog type in headless protocol to simplify XSS detection by @dwisiswant0 in #5545

See docs for more details.
🔨 Maintenance

Migrated issue temp...

Analysis of CVE-2024-30078, a Windows Wi-Fi driver vulnerability. Detailed root cause analysis and exploitation constraints.

Infiltrax is a post-exploitation reconnaissance tool for penetration testers and red teams, designed to capture screenshots, retrieve clipboard contents, log keystrokes, bypass UAC and install AnyD...