Pass the Hash is extremely used in internal pentests to get administrative rights on a set of hosts. We will detail here how this technique works.

While researching a bug bounty target, I came across a web application that processed a custom file type which was actually just a ZIP file that contains an XML that functions as a manifest. If handled naively, this packaging pattern creates additional security…

This most recent Patch Tuesday, Microsoft released an Important-rated patch to address a remote code execution bug in Microsoft Exchange Server. This vulnerability was reported to us by an anonymous researcher and affects all supported versions of Microsoft…

SkySafe Miscellaneous Reverse Engineering Blog. Contribute to skysafe/reblog development by creating an account on GitHub.

Written by Cedric Halbronn On Saturday 15th February, I gave a talk titled “How CVE-2018-8611 Can be Exploited to Achieve Privilege Escalation on Windows 10 1809 (RS5) and Earlier”. Thi…

Jenkins offers a credentials store where we can keep our secrets. Of someone stole your source code and dumped your databases, you might think it's game over, but that's not always true...

  Bug Bounty Tips Over the past years we have shared a lot of  tips to help our readers in one way or another. Thinking outside the box or trying a different approach could be the defining factor in...

While I prefer more to write/talk about far-going topics instead of just one vulnerability write-up, I decided to make an exception for…

During the latest years Web Security has become a very important topic in the IT Security field. The advantages the web offers resulted in very critical services being developed as web applications. The business requirements for their web applications security…