Microsoft replied that this is out of scope of their security program as well as not deemed this as a security vulnerability at all, so I…

Pen-testing android apps require different methodologies than web applications. The difference is that you have to figure out by different methods.

Maryam: Open-source Intelligence(OSINT) Framework. Contribute to saeeddhqan/Maryam development by creating an account on GitHub.

What do you get when you cross security consultants and playing games at lunch? XSS bypasses and a pot of really good coffee.

Early last year Gareth Heyes unveiled a fascinating new technique for attacking web applications by exploiting path-relative stylesheet imports, and dubbed it ‘Relative Path Overwrite’. This attack tr

بسم الله الرحمن الرحيم

Bypass Technique Description

The Cobalt Strike Blog. Read new featured content, get updates on the latest patches, and insights into the future of red teaming tools.

[POC] Asynchronous reverse shell using the HTTP protocol. - onSec-fr/Http-Asynchronous-Reverse-Shell

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.

Tales of a preoccupied developer

In this video we go over what deeplinks are and ways they can be exploited. PoC examples and example reports are also reviewed.

While researching a bug bounty target, I came across a web application that processed a custom file type which was actually just a ZIP file that contains an XML that functions as a manifest. If handled naively, this packaging pattern creates additional security…

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

I've been studying the guidance computer from a Titan II nuclear missile. This compact computer was used in the 1970s to guide a Titan II ...