Note: The vulnerabilities that are discussed in this post were patched quickly and properly by Google. We support responsible disclosure. The research that resulted in this post was done by me and …

Heuristic Vulnerable Parameter Scanner. Contribute to s0md3v/Parth development by creating an account on GitHub.

Content-Type Research. Contribute to BlackFan/content-type-research development by creating an account on GitHub.

This one was a fun little hack. Versions 5.4.1.7 and below, and 5.4.0.12 and below of the X-Cart PHP ecommerce platform are affected by an unauthenticated vulnerability that allows an attacker to c…

The Swiss Army knife for automated Web Application Testing - jaeles-project/jaeles

An article about an Arbitrary File Read vulnerability (CVE-2019-19499) in Grafana

Here is a primer on finding and creating POCs for bugs found with postMessage javascript function

Network security should be a major focus for companies moving to the cloud. Cloud networks are exposed to the Internet and companies don’t have direct control of the hardware running them. When not configured correctly, networks in the cloud could be attacked…

List DTDs and generate XXE payloads using those local DTDs. - GoSecure/dtd-finder

If you want your own Burp Collaborator, but with more protocols and web panel here it is https://t.co/jUZj6VWAy7

340 weak JWT secrets you should check in your code. Don't leave your web app's authentication exposed to hackers. Review this list

I recently took a Black Hat course by MDSec called

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite. - summitt/Nope-Proxy

A Server-Side Template Injection was identified in Netflix Conductor enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vulnerability.

Use angr in Ghidra. Contribute to Nalen98/AngryGhidra development by creating an account on GitHub.

Video post by @hardik05.

Contribute to b1ack0wl/linux_mint_poc development by creating an account on GitHub.