We’re back and ready to implement new sources and sinks in Part 2 of Finding CWE-369: Divide By Zero bugs with Binary Ninja.

Recursive DNS Subdomain Enumerator with dead-end avoidance system (BETA) - MilindPurswani/Syborg

Master CTF Challenges with binary, web, forensics & reversing walkthroughs. Practical pentesting skills through capture-the-flag solutions.

A few months ago I identified a security issue in Firefox known as CVE-2019-17016. During analysis of the issue, I’ve come up with a new technique of CSS data exfiltration in Firefox via a single injection point which I’m going to share in this blog post.

Source: SANS Penetration Testing 

As RedTeaming has grown with the industry, so has our need to build dependable environments. In keeping with the cat-and-mouse game we find ourselves in, it's essential to possess the capability of maintaining robust infrastructure which can be recreated…

This article discloses exploitation of CVE-2019-18683, which refers to multiple five-year-old race conditions in the V4L2 subsystem of the Linux kernel. I found and fixed them at the end of 2019. Here I'm going to describe a PoC exploit for x86_64 that gains…

List of Awesome Red Teaming Resources. Contribute to yeyintminthuhtut/Awesome-Red-Teaming development by creating an account on GitHub.

This is a story about how I (re)discovered an exploitation technique and took a bug with fairly limited impact to a 5 digit bounty by…

A method is detailed, dubbed CSS Exfil, which can be used to steal targeted data using Cascading Style Sheets (CSS) as an attack vector.

INTRODUCTION The great people at ClearSky  reached out to me a couple of days ago regarding a sample that they suspected could be related...

The first in a series of three posts about a methodology for hunting bugs in SAML. This post covers background information about SAML, laying the groundwork to understand SAML vulnerabilities and attacks.

simple tip! 'meg' request to burpsuite scope 1) Add wildcard domain in burpsuite scope 2) set proxychains4 config(burpsuite proxy host:port) 3) proxychains4 ~/go/bin/meg -d 1000 -v / This allows you to quickly add a wildcard host to the burpsuite😉

Frida script to perform static security analysis of an iOS app Source: https://github.com/interference-security/frida-scripts/blob/master/iOS/ios-app-static-analysis.js Twitter: https://twitter.com...

While researching a bug bounty target, I came across a web application that processed a custom file type which was actually just a ZIP file that contains an XML that functions as a manifest. If handled naively, this packaging pattern creates additional security…

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk - GitHub - splunk/attack_range: A tool that allows...

I‘m going to share an (ab)use of a Windows feature which can result in bypassing User Group Policy (as well as a few other interesting…