Custom protocol handlers are an obscure attack surface. They allow us to convert
local attacks into remote ones and are an alternative way to












































jump the browser sandbox without 0days).
Similar to the…

Revisiting ReDoS: A Rough Idea of Data Exfiltration by ReDoS and Side-channe TechniquesThe technique I will introduce this time is Time based Regex Injection.This is a recently announced technique on

By default, Apple has a feature that allows all of their iOS devices to be assigned restrictions, so that employees and mostly children cannot access naughty websites and other types of less-desirable content. You can enable these settings by visiting Settings…

The @CryptoHack__ account was pinged today by ENOENT, with a CTF-like challenge found in the wild: Source tweet. Here’s a write-up covering how given a partially redacted PEM, the whole private key can be recovered.

Intro The OAuth2 authorization protocol has been under fire for the past ten years. You've probably already heard about plenty of "return_uri" tricks, token leakages, CSRF-style attacks on clients, an

When NTB-NS/ARP/LLMNR is disable, you still have DHCP.py in Responder's tools/ folder.

The other day I got bored and decided to do a little PowerShell one-liner on my Windows 10 gaming rig. I wanted to see if I have any DLL’s that are unsigned or invalid in my C:\Windows direct…

In most cases, hackers

yes you can

Zero-Click Zip TL;DR

<p>As cheesy as the title sounds, I promise it cannot beat the cheesiness of the technique I’ll be telling you about in this post. The morning I saw Mark Ermolov’s tweet about the undocume

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

Our users deliver software to us as Docker containers, but we don’t use Docker to run them. We transmogrify container images into Firecracker micro-VMs. Here's how.