Information Security (@sec_nerd_en), 408 subscribers
Information Security News. We are the twin brother of @sec_nerd.
https://pullerjsecu.medium.com/how-i-was-able-to-turn-a-xss-into-a-account-takeover-ae0c478640e7
Medium
How I was able to Turn a XSS into a Account Takeover
To begin, this is a vulnerability that I found during a bug bounty engagement. I would split this into two parts, or two separate…
https://research.nccgroup.com/2021/02/02/investigating-potential-security-vulnerability-manifestation-through-various-analyses-inferences-regarding-internet-rfcs-and-how-rfc-security-might-be-improved/
NCC Group Research
Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and…
Overview RFCs have played a pivotal role in helping to formalise ideas and requirements for much of the Internet’s design and engineering. They have facilitated peer review amongst engineers,…
https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/
Jub0Bs
The great SameSite confusion
In this post, I dissect a common misconception about the SameSite cookie attribute and I explore its potential impact on Web security.
TL;DR: The SameSite cookie attribute is not well understood. Conflating site and origin is a common but harmful mistake.…
https://github.com/forrest-orr/ExploitDev/blob/master/Exploits/Re-creations/Forrest_Orr_CVE-2020-0674_32bit.html
https://a13xp0p0v.github.io/2020/11/30/slab-quarantine.html
Alexander Popov
Linux kernel heap quarantine versus use-after-free exploits
It's 2020. Quarantines are everywhere – and here I'm writing about one, too. But this quarantine is of a different kind. In this article I'll describe the Linux Kernel Heap Quarantine that I developed for mitigating kernel use-after-free exploitation.
https://docs.google.com/presentation/d/1O7MxvbIfRcPSlbyZbFxD-fAR34XlquQSlRAHPb2kR4E/edit#slide=id.g5d0d863a9e_0_2
Google Docs
State of DNS Rebinding DEF CON
State of DNS Rebinding Attack & Prevention Techniques and the Singularity of Origin Gérald Doussot & Roger Meyer | DEF CON 27 Today we are going to discuss the current state of DNS rebinding including recent attack & prevention techniques. We will discuss…
https://ajinabraham.com/blog/detecting-zero-days-in-software-supply-chain-with-static-and-dynamic-analysis
Ajin Abraham
Detecting zero days in software supply chain with static and dynamic analysis
This blog shares some ideas about detecting zero-days in the software supply chain even before they get flagged by your typical Software Composition Analysis (SCA) or Dependency checking tools. Also shares the proof of concept code to detect malicious behavior…
https://sourque.dev/writeups/htbq21/wafflesorder/
https://luemmelsec.github.io/Relaying-101/
luemmelsec.github.io
Relaying 101
Hello fellas, or as we say in Germany: “Hallo Freunde der fettfreien Leberwurst.”
In today’s blog post we’ll be talking about relaying attacks, or more precisely about NTLM relaying attacks. So let’s get started.
As you already know I am new to the pentest…
https://afinepl.medium.com/testing-and-exploiting-java-deserialization-in-2021-e762f3e43ca2
Medium
Testing and exploiting Java Deserialization in 2021
Since 2015, when Java deserialization was a major threat, lots of patches and improvements have been introduced. How to approach testing for…
https://www.horizon3.ai/disclosures/librenms-second-order-sqli
Horizon3.ai
LibreNMS is an open source solution for network monitoring based on PHP, MySQL and SNMP. While reviewing its source code, we discovered a second-order SQL injection vulnerability, CVE-2020-35700, in the Dashboard feature.
https://securitylab.github.com/advisories/GHSL-2020-214_223-onedev
GitHub Security Lab
GHSL-2020-214_223: 10 CVEs in OneDev ranging from pre-auth Remote Code Execution (RCE) to Arbitrary File Read/Write
Multiple vulnerabilities were found in the OneDev project ranging from pre-auth Remote Code Execution (RCE) to Arbitrary File Read/Write
https://github.com/GameHackingAcademy
GitHub
Game Hacking Academy
Game Hacking Academy has 26 repositories available. Follow their code on GitHub.
https://twitter.com/steventseeley/status/1359212311312035848?s=20
Twitter
ϻг_ϻε
CVE-2021-24071 is a patch bypass for CVE-2020-17120 “Microsoft SharePoint SPSqlDataSource Information Disclosure Vulnerability”. It allows an attacker to connect back to a rogue MySQL server and leak the web.config file for RCE if the MySQL driver is installed.
https://igor-blue.github.io/2021/02/07/sybase.html
Igor's Blog
Abusing Sybase for lateral movement
A few years ago I was asked to help on a red-team exercise in a company doing hardware R&D.
https://github.com/pkb1s/SharpRelay
GitHub
GitHub - pkb1s/SharpRelay
https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/
My cool site
Learning Linux Kernel Exploitation - Part 1
The first part of the series about learning Linux kernel exploitation through hxpCTF2020 kernel-rop: Setting up the environment and the simplest technique of ret2usr
https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/
PT SWARM
Swarm of Palo Alto PAN-OS vulnerabilities
Palo Alto Networks next-generation firewall (NGFW) is one of the leading enterprise firewalls used by companies around the world to protect against various cyber-attacks. It runs on its own operating system «PAN-OS». In this article, we will analyze the vulnerabilities…
https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application
GitHub
GitHub - dolevf/Damn-Vulnerable-GraphQL-Application: Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL…
Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security. - dolevf/Damn-Vulnerable-GraphQL-Appli...
https://halove23.blogspot.com/2021/02/windows-installer-file-read-0day_12.html