Still after all these years my favourite XSS payload is: <iframe/src=j%0aa%0av%0aa%0as%0ac%0ar%0ai%0ap%0t:prompt `1`>

I would first like to start off by saying that Fastmail has a great bug bounty program and they really care a lot about the security of…

Welcome to “Connect the dots” walkthrough, box made by awesome Sumit Verma,

Citrix ADC Remote Code Execution. Contribute to jas502n/CVE-2019-19781 development by creating an account on GitHub.

Adversaries who have compromised one system in a network frequently hijack the network traffic of other systems on the same subnet to intercept passwords, infect software downloads and updates, spy on browsing or email traffic, or launch other denial-of-service…

Recently I solved a CTF style challenge where the user was given an .apk file with the goal to find the flag. It turned out that it was a…

This is a short story of my first critical bug, a CSRF Token bypass which could lead to account take over.

The HTML5 Herald

Author:LoRexxar@Knownsec 404Team & Dawu@Knownsec 404Team Chinese version: https://paper.seebug.org/1112/

Recently I solved a CTF style challenge where the user was given an .apk file with the goal to find the flag. It turned out that it was a…

In this blog I’ll provide an overview of RunDotNetDll32, which duplicates the functionality of rundll32 for .Net assemblies.

Product Version: Avira VPN Operating System tested on: Windows 10 1709 (x64) Vulnerability: Avira VPN Service Local Privilege Escalation Brief Description: When the Phantom VPN Service (Avira.VPNSe…

Generally in application security, the user input must be sanitized. When it comes to SQL injection the root cause most of the time is because the input not being sanitized properly. I was curious …

CVE-2020-2551 WebLogic RCE via IIOP protocol. https://t.co/WyKVkQASiL

In Microsoft Active Directory, computers also have their accounts. We used to consider them useless when they turned up during pentests, ...

** DISCONTINUED ** C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + Dinvoke for EDR user-mode hooking evasion. - Kudaes/LOLBITS

There was a 4 digit PIN for opening the app. First I thought this can be bypass using response manipulation. But wait ! not getting any…