Local Privilege Escalation in Rapid7’s Windows Insight IDR Agent by Florian Bogner With Insight IDR Rapid7 has created a very powerful, yet …

Compiled dataset of Java deserialization CVEs. Contribute to PalindromeLabs/Java-Deserialization-CVEs development by creating an account on GitHub.

POC: CVE-2021-69420 https://t.co/kcfNl2ys1L https://t.co/n7PCGE3nsd

TL;DR: Why investing in Electron apps might be a waste of time.

Introduction Back in 2020 while reviewing Chromium code, I found issue 1068395, a Use-After-Free in Browser Process that can be used to escape the Chromium sandbox on Android Devices. This is an interesting vulnerability as it’s a bug pattern that keeps happening…

Contribute to neex/http2smugl development by creating an account on GitHub.

A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites. - zigoo0/JSONBee

I got many requests after my last tweet on the discovery of a backdoored Electrum wallet, that was notarized by Apple !

In the dependency confusion attacks, a user can be tricked into installing a malicious dependency/library instead of the one they intended to install.

A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Develo...

Browser's XSS Filter Bypass Cheat Sheet. Contribute to masatokinugawa/filterbypass development by creating an account on GitHub.

The encyclopedia for offensive security in the cloud

DNS rebinding headless browsers with dref

everytime yu face a 401 Unauthorized respense add this header to the request : X-Custom-IP-Authorization: 127.0.0.1 #bugbountytips