A walkthrough of CVE-2019-16116 in CompleteFTP, which allows an attacker to hijack the admin account & run arbitrary code with SYSTEM privileges.

A quick guide on exploiting pulse secure for red teaming purposes.

NSE script based on Vulners.com API. Contribute to vulnersCom/nmap-vulners development by creating an account on GitHub.

Introduction how to Exploit JWT  Introduction Authentication and authorization make developer overthinking how to implemen...

In this blog post I will discuss leveraging Meterpreter’s powershell module to execute .NET assemblies in-memory. Metasploit and Meterpreter are effective and useful tools, but occasionally one encounters a situation where they lack features. Cobalt Strike…

How to improve NGINX performance, security, and other important things. - trimstray/nginx-admins-handbook

A write-up about one vulnerability found by our team in the Google Cloud Blog platform.

Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups - CyberThreatIntel/Malware Analysis 04-10-2019.md at master · StrangerealIntel/CyberThreatIntel

articles. Contribute to blaCCkHatHacEEkr/PENTESTING-BIBLE development by creating an account on GitHub.

A tool for studying JavaScript malware. Contribute to CapacitorSet/box-js development by creating an account on GitHub.

Our researcher describes how attackers can modify contact email addresses in cPanel to gain unauthorized access and plant backdoors on compromised websites.

FortiGuard Labs has discovered an unauthenticated command injection vulnerability in D-Link products that could lead to Remote Code Execution (RCE) upon successful exploitation. Learn more.…

Interactive cross-site scripting (XSS) cheat sheet for 2025, brought to you by PortSwigger. Actively maintained, and regularly updated with new vectors.

There are many ways to find vulnerabilities. One of the most scalable methods is fuzzing. In essence, fuzzing is a brute-forcing. In many cases, malformed in...