Hi everyone, today I will talk about an interesting account takeover flaw which I found around a year back. The root cause of this issue…

Hi everyone,This is my first Google bug bounty writeups, I want to tell you about CSRF vulnerability on Google Digital Garage. Have you ever heard of the Google Gigital Garage? an online courses from Google that is designed for you to grow your career or…

Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS. - gtworek/Priv2Admin

»_ everything is not as it seems. 🎃 «input»; p=-alert(1)}//\ $result* var n = {a: "-alert(1)}//\", b: "-alert(1)}//\"}; «input»; p=\&q=-alert(1)// $result* var n = {a: "\", b: "-alert(1)}//"}; #BugBounty #BugBountyTip #WAF #infosec

In this post, I will reveal a security flaw in Autopilot, Microsoft's new solution to deploy Windows machines to end users. I will show you how end users easily can get administrator rights during the installation process.

After digging into Windows 10 and discovering a rather interesting method for bypassing user account control, I decided to spend a little more time investigating other potential techniques for gett…

Adversary Tactics - PowerShell Training. Contribute to specterops/at-ps development by creating an account on GitHub.

Domain user enumeration tool. Contribute to sensepost/UserEnum development by creating an account on GitHub.

Sudo’s pwfeedback option can be used to provide visual feedback when the user is inputting their password. For each key press, an asterisk is printed. This option was added in response to user confusion over how the standard Password: prompt disables the…

Azure Security Kit  aka AzSK is a framework that is used internally by Microsoft to control & govern their Azure Subscriptions. While some features are overlapping with Azure Security Center, I…

This blog post illustrates a vulnerability we discovered in the F-Secure Internet Gatekeeper application. It shows how a simple mistake can lead to an exploitable unauthenticated remote code execution vulnerability.