A tool that implements the Golden SAML attack. Contribute to cyberark/shimit development by creating an account on GitHub.

Keybase client allowed inject arbitrary links with arbitrary protocols. This caused a Remote Command Execution on Windows and MacOS.

Some time last year, I came across a Burp extension on Github that replicates the Invoke Applications functionality from OWASP ZAP in Burp....

, or why being too quick can lead to a false positive

Learn how to use Frida for Android penetration testing, including hooking, injecting, and analyzing Android apps for security vulnerabilities.

A couple of months ago, an interesting story happened to me. I caught a Path Traversal issue with no chance to reproduce it again.

I reverse engineered a special tool that lets you switch an Alcatel MW41 hotspot into a debug mode, granting root access to the device.

In the previous blog post, I explained how Site Isolation and related security features help mitigate attacks such as UXSS and Spectre. However, security bugs in a renderer process are really common, and therefore Chromium’s threat model assumes that a renderer…

The BumbleBee webshell is used by the xHunt Campaign to upload and download files to a compromised server and to move laterally on the network.

David Schütz's bug bounty writeups

Ambionics Security team discovered an RCE in Laravel, when the framework is in debug mode.

Proof of concept of hiding conections with ShadowMove technique

Let’s reverse Pixelize blur.

Hey folks, welcome to my first bug bounty writeup, which I found on Microsoft Edge (Chromium) browser.

Using discovered credentials to move laterally in an environment is a common goal for the NCC Group FSAS team. The ability to quickly and reliably use a newly gained set of credentials is essential…