We found some interesting middleware misconfigurations and potential exploits affecting Nginx web servers, load balancers, and proxies.

Security concerns with PR build systems

Local Privilege Escalation in Rapid7’s Windows Insight IDR Agent by Florian Bogner With Insight IDR Rapid7 has created a very powerful, yet …

Compiled dataset of Java deserialization CVEs. Contribute to PalindromeLabs/Java-Deserialization-CVEs development by creating an account on GitHub.

POC: CVE-2021-69420 https://t.co/kcfNl2ys1L https://t.co/n7PCGE3nsd

TL;DR: Why investing in Electron apps might be a waste of time.

Introduction Back in 2020 while reviewing Chromium code, I found issue 1068395, a Use-After-Free in Browser Process that can be used to escape the Chromium sandbox on Android Devices. This is an interesting vulnerability as it’s a bug pattern that keeps happening…

Contribute to neex/http2smugl development by creating an account on GitHub.

A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites. - zigoo0/JSONBee

I got many requests after my last tweet on the discovery of a backdoored Electrum wallet, that was notarized by Apple !

In the dependency confusion attacks, a user can be tricked into installing a malicious dependency/library instead of the one they intended to install.

A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Develo...

Browser's XSS Filter Bypass Cheat Sheet. Contribute to masatokinugawa/filterbypass development by creating an account on GitHub.