In September 2019, JPCERT/CC published a security alert regarding vulnerabilities in multiple SSL-VPN products. Among the vulnerabilities pointed out in the alert, JPCERT/CC has been notified of cases leveraging CVE-2019-11510 and CVE-2019-11539 in Pulse…

Security Assertion Markup Language (SAML) is an open XML-based standard for exchanging authentication and authorization data between…

Maybe you know about Same Origin Policy or not,  Mozilla describes it as: “The same-origin policy is a critical security mechanism that…

This experimetal fuzzer is meant to be used for API in-memory fuzzing. - andreafioraldi/frida-fuzzer

This adds an OSX priv esc against 2 versions of VMWare Fusion. The binary is still available, but let me know if you need it in case it gets removed. Gives an euid=0.
Of note, i'm not fam...

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet - OlivierLaflamme/Cheatsheet-God

SANS Penetration Testing blog pertaining to SQLMAP Tamper Scripts for The Win

Use and load all tamper scripts to evade filters and WAF :

The first in a series of three posts about a methodology for hunting bugs in SAML. This post covers background information about SAML, laying the groundwork to understand SAML vulnerabilities and attacks.

Mailbox auto-reply settings are usually created and defined by the users himself. If you want to get an overview of the auto-reply settings of your organization you have to ask every user: “D…

Scan Victim Backup Directories & Backup Files. Contribute to tismayil/ohmybackup development by creating an account on GitHub.

Share your videos with friends, family, and the world

Asus AsIO2 Local Privilege Escalation exploit (based on ReWolf's MSI exploit) - trou/asus-asio2-lpe-exploit

History In the recent year, major tech giants, like Google, Facebook, Magento, Shopify, Uber, Twitter, and Microsoft, have undergone XML …

Ever seen an application display a message like "changes will be rolled back ", particularly after a SQL operation? This may be a clue that ...

Hey guys,
I’m here to share my recent finding on a website which pulls me to pen down my first post. I can not disclose the name of the…

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the ...

Thanks Twitter Security Team again :) The details can be found here!
* [Attacking SSL VPN - Part 3: The Golden Pulse Secure SSL VPN RCE Chain, with Twitter as Case...