Have you heard of ORM Leak vulnerabilities? @elttam just published a super interesting deep dive into them, with tons of potential for further research elttam.com/blog/plormbing…
In this post I'll use CVE-2023-3420, an incorrect side effect modelling bug in the JIT compiler that I reported to Chrome, to gain a sandboxed remote code execution in the renderer: github.blog/2023-09-26-get…
Unfortunately, the Team Orca of Sea Security could not get their exploit of the Xiaomi 13 Pro working within the time allotted. #Pwn2Own
I wrote a blog post regarding the technical details of CVE-2022-31700. It's an interesting case study of attacking custom Java Bean Validators (JSR 380) for RCE: trenchant.io/vmware-workspa… The original advisory can be found here: srcincite.io/advisories/src…
Love this auth bypass via JSON Injection found by @GHSecurityLab, it's such an underrated attack class. Backslash Powered Scanner can detect JSON Injection but it takes dedication to build a real exploit black-box. github.blog/2023-03-03-git…
GitLab disclosed a bug submitted by @wcbowling: hackerone.com/reports/1154542 - Bounty: $20,000 #hackerone #bugbounty
The comprehensive list of today's emerging threats, nOtWASP bottom 10: vulnerabilities that make you cry by @albinowax, @artsploit and @garethheyes portswigger.net/research/notwa…
The top 10 web hacking techniques of 2020, by @albinowax with help from @filedescriptor, @irsdl, @Agarri_FR and the entire community portswigger.net/research/top-1…
JavaScriptCore Internals Part 1 - Tracing Source to Bytecode: In this series we look at the areas of Webkit's JavaScript engine relevant for vulnerability research. zon8.re/posts/jsc-inte…
Here are all the recordings from #NahamCon2020 with talks from @TomNomNom, @securinti, @samwcyo, @ChloeMessdaghi, @BitK_, @mdisec, @defparam, @snyff, @jcran, @_johnhammond, @Jhaddix and @jeff_foley! Enjoy! youtube.com/playlist?list=…
New blog post is up showing how Mimilib and memssp work to harvest credentials. blog.xpnsec.com/exploring-mimi…
@_xpn_ - Exploring Mimikatz - Part 2 - SSP
This is the official Twitter account of the Web Security Academy - free web security training from the makers of @Burp_Suite. Follow for updates as we add new materials and labs to the Academy. portswigger.net/web-security
I just published My Experience of OSCP Proctored Exam link.medium.com/VhCFyoEcAV
Offensive Security has changed their OSCP exam format as proctored since July 2018 for the sake of preventing the cheater. Though I…
Learning about Universal Links and #Fuzzing URL Schemes on #iOS with #Frida grepharder.github.io/blog/0x03_lear…
Blog post: Nominations are now open for the Top 10 web hacking techniques of 2018. To make your nomination, reply to this thread or use the linked form. portswigger.net/blog/top-10-we…
New from @harmj0y - Releasing Rubeus 1.2.0, which adds fake delegation TGTs and Kerberos based password changes. posts.specterops.io/rubeus-now-wit…
Blogpost about a new #persistence technique I discovered abusing the Appx/UWP debugger. Technique is not shown by #Autoruns and runs commands at logon of the user. A simple registry key is all that is needed. Enjoy! #RedTeam #DFIR #Pentest #Blogpost oddvar.moe/2018/09/06/per…
I just registered for KringleCon, Santa’s online virtual conference uniting security professionals and ethical hackers around the world! You can see me there in December 2018. Here’s what I’ll look like: kringlecon.com/?share=2c68519… SANS #HolidayHack
Neat, this is live now. rapid7.com/db/modules/exp…
Woot !! Black-smith @wvuuuuuuuuuuuuu is working in #Metasploit foundry on "Shell In The Ghost" bug found a few days ago by @taviso from P0 (Ghostscript Failed Restore Command Execution). Expect a few shells in Ghostscript frontends. Logo by @angealbertini github.com/rapid7/metaspl…