A few days ago I wrote a blog post about the evolving landscape of threat detection and how attackers need to adapt their techniques. In the previous post, I talked about one of the deception techn…

The cheat sheet about Java Deserialization vulnerabilities - GrrrDog/Java-Deserialization-Cheat-Sheet

Bypass software restrictions such as AppLocker, SRP or GPO policies and spawn a command prompt or PowerShell interpreter. Run PowerShell without powershell.exe.

How I found site wide CSRF bug by a trick that I learned on Twitter

Bugcrowd's bug bounty and vulnerability disclosure platform connects the global security researcher community with your business. Crowdsourced security testing, a better approach! Run your bug bounty programs with us.

Cross-site scripting labs for web application security enthusiasts - GitHub - tegal1337/0l4bs: Cross-site scripting labs for web application security enthusiasts

I‘m going to share an (ab)use of a Windows feature which can result in bypassing User Group Policy (as well as a few other interesting…

weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力：CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-32...

Your syllabus for going from newbie to top hacker

Известный Android-троян сменил тактику и «заработал» десятки миллионов рублей на российских пользователях

A Workflow Engine for Offensive Security. Contribute to j3ssie/osmedeus development by creating an account on GitHub.

We engaged Doyensec to perform a security assessment of our firmware, v3.0.1 at the time of testing. During a 10 person/days project, Doyensec discovered and reported 3 vulnerabilities in our firmware. While two of the issues are considered informational…

Introduction Back in 2018, PaloAlto Unit42 publicly documented RGDoor, an IIS backdoor used by the APT34. The article highlighted some details which sparked my interest and inspired me to write...

Burp Collaborator is a network service that enables you to detect invisible vulnerabilities. These are vulnerabilities that don't: Trigger error messages. ...

Adaptive DLL hijacking / dynamic export forwarding - monoxgas/Koppeling

Estimated Reading Time: 8 minutes Summary about Cacti Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality, Cacti provides a fast poller, advanced graph templating, multiple data…

Over the last few weeks, I’ve had conversations with several individuals around mitigating lateral movement in a Windows environment. In…