A Javascript library for browser exploitation. Contribute to theori-io/pwnjs development by creating an account on GitHub.

Billions of subscribers use SIM cards in their phones. Yet, outside a relatively small circle, information about SIM card technology is n...

Hey everyone, I recently reported a dupe for a XSSI bug on a private program which paid out $300, to the original reporter. I believe the…

Introduction NTLM authentication is the de-facto standard in corporate networks running Windows. There are a plethora of well-understood local attacks that take advantage of the way Windows perform automatic NTLM authentication, and abusing this feature is…

RAT And C&C Resources. 250+ Open Source Projects, 1200+ RAT/C&C blog/video. - alphaSeclab/awesome-rat

Exploiting type confusion bugs in latest JSC and escaping the sandbox

Don’t have the time to read the entire article? Go to the FAQ section below for everything you should know.

Intro

D-Link DIR-859 - RCE UnAutenticated (CVE-2019–17621) - s1kr10s/D-Link-DIR-859-RCE

Here is my the very first hacking writeup. And the first machine is 
Legacy  —  retired, but pretty useful for novice. This machine was…

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Blogs related to information security.

Run a Linux/Unix command with a time limit: Learn how to run a command, and have it abort or timeout after N seconds using timeout, bash & Perl one-liner

I was talking to a pen testing company recently at a data security conference to learn more about “day in the life” aspects of their trade. Their president told me...

Researchers

Recently I discovered multiple high severity vulnerabilities in Selectica Contract Lifecycle Management (SCLM) version 5.4.  Cross-site Scripting (XSS) There was no shortage of XSS in this app.  Here's an example from a light scan with Burp Suite: This is…