Exploiting Markdown Syntax

Markdown is wonderful. In fact, this blog post itself is written in Markdown. I don't need to use lengthy uneccessary HTML for simple things like links, tables, code blocks and lists. Nor do I need to go out of my way to do simple…

Android Kernel Exploitation. Contribute to cloudfuzz/android-kernel-exploitation development by creating an account on GitHub.

One of these documented but not commonly used behaviors is the ability to send multiple queries with a single GraphQL request, a.k.a....

I have three new web bugs to demonstrate. Each of them take advantage of how a semicolon character is interpreted by a web server or browser. Each of these bugs can be demonstrated on the latest release of Apache Tomcat 7.0.22, and the latest browsers. Exploitation…

Had a job to test an application few days back. Its an application using java applet. Hurm..when I heard its an application via java applet...

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training! - appsecco/breaking-and-pwning-apps-and-servers...

This was found in a private bug bounty. The scope is limited to a few of features that available to the public. Based on the previous repor...

### Summary

This vulnerability allows attacker to send arbitrary requests to local network which hosts GitLab and read the response. This is possible due to flawed DNS rebinding protection.

The...

Update Faker (updatefaker.com) is a harmless website to prank your friends, family or colleagues when they leave their computer unattended! It doesn't matter if they use Microsoft Windows, Apple OSX, or an older operating system, we've got you covered!

We have all heard about VLAN double tagging attacks for a long time now. There have been many references and even a single packet proof of concept for VLAN double tagging attack but none of them

Simple CLI tool for the generation of bind and reverse shells in multiple languages - ShutdownRepo/shellerator

After publishing my blog post Unauthorized Google Maps API Key Usage Cases, and Why You Need to Care and scanner script for it, I got…

Hello everyone i hope you guys are doing great in this quarantine i decided to write small blog post about my months older bug please have…

Hey all,

Securify provides reality checks to lower security risks and build up resilience against threats. Agile Security, Pentesting (scenario-based) and Red Teaming.