Small #SSTI trick: Blind Template Injection with handling of some sandbox escapes. Payload in the workshop below. #dns #freemarker #pentest #BurpSuite Based on work from @olekmirosh and @pwntester https://t.co/H1YxMeD4o1

A tool that implements the Golden SAML attack. Contribute to cyberark/shimit development by creating an account on GitHub.

Keybase client allowed inject arbitrary links with arbitrary protocols. This caused a Remote Command Execution on Windows and MacOS.

Some time last year, I came across a Burp extension on Github that replicates the Invoke Applications functionality from OWASP ZAP in Burp....

, or why being too quick can lead to a false positive

Learn how to use Frida for Android penetration testing, including hooking, injecting, and analyzing Android apps for security vulnerabilities.

A couple of months ago, an interesting story happened to me. I caught a Path Traversal issue with no chance to reproduce it again.

I reverse engineered a special tool that lets you switch an Alcatel MW41 hotspot into a debug mode, granting root access to the device.

In the previous blog post, I explained how Site Isolation and related security features help mitigate attacks such as UXSS and Spectre. However, security bugs in a renderer process are really common, and therefore Chromium’s threat model assumes that a renderer…

The BumbleBee webshell is used by the xHunt Campaign to upload and download files to a compromised server and to move laterally on the network.

David Schütz's bug bounty writeups

Ambionics Security team discovered an RCE in Laravel, when the framework is in debug mode.

Proof of concept of hiding conections with ShadowMove technique