This article discloses exploitation of CVE-2019-18683, which refers to multiple five-year-old race conditions in the V4L2 subsystem of the Linux kernel. I found and fixed them at the end of 2019. Here I'm going to describe a PoC exploit for x86_64 that gains…

List of Awesome Red Teaming Resources. Contribute to yeyintminthuhtut/Awesome-Red-Teaming development by creating an account on GitHub.

This is a story about how I (re)discovered an exploitation technique and took a bug with fairly limited impact to a 5 digit bounty by…

A method is detailed, dubbed CSS Exfil, which can be used to steal targeted data using Cascading Style Sheets (CSS) as an attack vector.

INTRODUCTION The great people at ClearSky  reached out to me a couple of days ago regarding a sample that they suspected could be related...

The first in a series of three posts about a methodology for hunting bugs in SAML. This post covers background information about SAML, laying the groundwork to understand SAML vulnerabilities and attacks.

simple tip! 'meg' request to burpsuite scope 1) Add wildcard domain in burpsuite scope 2) set proxychains4 config(burpsuite proxy host:port) 3) proxychains4 ~/go/bin/meg -d 1000 -v / This allows you to quickly add a wildcard host to the burpsuite😉

Frida script to perform static security analysis of an iOS app Source: https://github.com/interference-security/frida-scripts/blob/master/iOS/ios-app-static-analysis.js Twitter: https://twitter.com...

While researching a bug bounty target, I came across a web application that processed a custom file type which was actually just a ZIP file that contains an XML that functions as a manifest. If handled naively, this packaging pattern creates additional security…

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk - GitHub - splunk/attack_range: A tool that allows...

I‘m going to share an (ab)use of a Windows feature which can result in bypassing User Group Policy (as well as a few other interesting…

A few days ago I wrote a blog post about the evolving landscape of threat detection and how attackers need to adapt their techniques. In the previous post, I talked about one of the deception techn…

The cheat sheet about Java Deserialization vulnerabilities - GrrrDog/Java-Deserialization-Cheat-Sheet

Bypass software restrictions such as AppLocker, SRP or GPO policies and spawn a command prompt or PowerShell interpreter. Run PowerShell without powershell.exe.

How I found site wide CSRF bug by a trick that I learned on Twitter

Bugcrowd's bug bounty and vulnerability disclosure platform connects the global security researcher community with your business. Crowdsourced security testing, a better approach! Run your bug bounty programs with us.

Cross-site scripting labs for web application security enthusiasts - GitHub - tegal1337/0l4bs: Cross-site scripting labs for web application security enthusiasts