Posted by Royal Hansen, VP, Privacy, Safety and Security Engineering, Google, and Phil Venables, VP, TI Security & CISO, Google Cloud The...

Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices - hubert3/iSniff-GPS

Surprisingly often, implementations include functionality where user input is passed to dangerous functions like PHP’s eval() - despite clear warnings. Often, devs are somewhat aware of this danger and attempt to sanitize the input, but this approach …

Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser

The Jenkins team released an advisory (CVE-2024-43044) for an arbitrary file read vulnerability that allows an agent to be able to read files

CVE-2024-37084 is a critical security vulnerability in Spring Cloud Skipper, specifically related to how the application processes YAML input. The vulnerability arises from the use of the standard...

Nuxt.js project

Introducing LLM-based harness generation for Java OSS-Fuzz projects.

What's Changed
🎉 New Features

Added ActionWaitDialog type in headless protocol to simplify XSS detection by @dwisiswant0 in #5545

See docs for more details.
🔨 Maintenance

Migrated issue temp...

Analysis of CVE-2024-30078, a Windows Wi-Fi driver vulnerability. Detailed root cause analysis and exploitation constraints.

Infiltrax is a post-exploitation reconnaissance tool for penetration testers and red teams, designed to capture screenshots, retrieve clipboard contents, log keystrokes, bypass UAC and install AnyD...

Interestingly enough, Frida tool has its place on non-rooted devices as well. It can be used directly or with the help of another tool called Objection...

Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given it's somewhat 'privileged position' in the storage world of most enterprise's networks. There's…

🕵️‍♂️ All-in-one OSINT tool for analysing any website - Lissy93/web-check

With summer coming to an end, so are package migrations, and Kali 2024.3 can now be released. You can now start downloading or upgrading if you have an existing Kali installation. The summary of the changelog since the 2024.2 release from June is: Qualcomm…

Introduction to Android Bytecode Exploitation (Part 1) Android resides among the most popular operating systems for mobile devices, which causes Android to also be among the most popular targets for exploitation. While Android is frequently updated to fix…

Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given it's somewhat 'privileged position' in the storage world of most enterprise's networks. There's…

A few months ago, Radare2 (aka r2), an open source disassembler which can be entirely used by command line, started implementing AI plugins…

TL;DR I discovered a one-click account takeover vulnerability in a popular Indonesian Android app called Tokopedia . Th...

Discover Splinter, a new post-exploitation tool with advanced features like command execution and file manipulation, detected by Unit 42 researchers. Discover Splinter, a new post-exploitation tool with advanced features like command execution and file manipulation…