This is a write up on how to do Jerry Machine on Hack The Box. I’ll try to make this write up as beginner friendly as much as possible so…

Let’s take a look at some essential OSINT resources plus recent developments in the areas of data, tooling, content and community.

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique...

PayloadBox

Anti-virus Exploitation Hey guys, long time no article! Over the past few months, I have been looking into exploitation of anti-viruses via logic bugs. I will briefly discuss the approach towards performing vulnerability research of these security products…

A collection of links related to VMware escape exploits - xairy/vmware-exploitation

Last week Intigriti had posted an XSS challenge on Twitter. I decided to give it a look. Today , in this article I am going to explain how I solved this challenge. Here is the code, const whitelist = ['intigriti.com','intigriti.io']; var url = new URL(l…

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileg...

Time to grab yourself a drink, this will take a while!







We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download.
2019.4 includes some exciting new updates:…

Hello All

GitHub Gist: instantly share code, notes, and snippets.

Hey everyone, I’d like to share how I found a simple API authorization bug in a private program, which affected thousands of sub-domains…

This is a write-up on how I solved Chainsaw from HacktheBox.

Bypassing AVs by C# Managed Code (Reverse Shell) In this article I want to talk about simple C# source code …

"Are you such a dreamer to put the world to rights? I stay home forever where 2 and 2 always …

An article about a small security flaw in the SSH authentication protocol that can lead to unexpected information disclosure of private infrastructure.

A collection of awesome penetration testing resources, tools and other shiny things - enaqx/awesome-pentest

Leaders in Information Security

create cypher create statements for neo4j out of netstat files from multiple machines - trinitor/netstat2neo4j