changes to this registry entry are very rare, make sure to add it to your watchlist (seen it used as one item part of an RDP tunnling automation payload, main objective is to reduce sysadmins suspicion) #dfir

We reported an overflow vulnerability in the base64 decode function of Exim on 5 February, 2018, identified as CVE-2018-6789. This bug exists since the first commit of exim, hence ALL versions are affected. According to our research, it can be leveraged to…

Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment - DanMcInerney/icebreaker

Win32k Exploit by Grant Willcox. Contribute to exodusintel/CVE-2019-0808 development by creating an account on GitHub.

by Florian Bogner The case was originally published at: https://bogner.sh/2018/11/0-day-in-elba5s-network-installation-overtaking-your-companys-bank-account/ This blog post is about a previously unknown critical vulnerability in …

Vulnerability disclosure & how NOT to handle it, featuring LG electronics.

Click to view Frederik's blog post

A bunch of scripts I use to work with urlscan.io. Contribute to triw0lf/urlscan_scripts development by creating an account on GitHub.

Background

Let me open this with a few questions Do you have your own penetration testing lab? Have you installed Windows Server 2016 before? Do you have Active Directory at home? What version of PowerShell a…

A dive into Windows processes, access tokens, SACLs, WinAPI and access token manipulation.

In this blog post, I’m going to share about a double-free vulnerability that I discovered in WhatsApp for Android, and how I turned it into an RCE. I informed this to Facebook. Facebook acknowledged and patched it officially in WhatsApp version 2.19.244.…

Interactive cross-site scripting (XSS) cheat sheet for 2025, brought to you by PortSwigger. Actively maintained, and regularly updated with new vectors.

Test your JavaScript, CSS, HTML or CoffeeScript online with JSFiddle code editor.

Contribute to IOActive/jdwp-shellifier development by creating an account on GitHub.