Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms. - projectdiscovery/notify

Where SMART MDM & Group Policy Admins come to Get Smarter.

I've published the article covering my talk at @ZeroNights! Improving the exploit for CVE-2021-26708 in the Linux kernel to bypass LKRG a13xp0p0v.github.io/2021/08/25/lkr… Slides: a13xp0p0v.github.io/img/CVE-2021-2… PoC exploit demo video: youtube.com/watch?v=O6rsuG……

A critical vulnerability in Azure's flagship Cosmos DB service affecting thousands of customers. Mitigation requires customers' manual actions.

EasyHook - The reinvention of Windows API Hooking. Contribute to EasyHook/EasyHook development by creating an account on GitHub.

Continuing with the theme of serious vulnerabilities that have recently come to light in Microsoft Exchange Server, in this article we present a new vulnerability we call ProxyToken. It was reported to the Zero Day Initiative in March 2021 by researcher Le…

Is your feature request related to a problem? Please describe This feature is not related to any problem directly, however, it may add useful functionalities. Describe the solution you'd li...

By default, domain joined Windows workstations allow access to the network selection UI from the lock screen.

An attacker with physical access to a locked device with WiFi capabilities (such as a laptop or a workstation) can abuse this functionality to force…

Acknowledgements My understanding of EDRs would not be possible without the help of many great security researchers. Below are some write-ups and talks that really helped me gain the understanding needed and hit the ground running on the research that will…

Compromise of the AD FS server token-signing certificate could result in access to the Azure/Office365 environment by the attacker.

Zuthaka is an open source application designed to assist red-teaming efforts, by simplifying the task of managing different APTs and other post-exploitation tools. - GitHub - pucarasec/zuthaka: Zu...

[thread] Lest months were quite challenging 😮‍💨 - github.com/ShutdownRepo/s… - github.com/ShutdownRepo/p… - github.com/ShutdownRepo/t… - github.com/SecureAuthCorp… - github.com/SecureAuthCorp… - continuous work on thehacker.recipes and github.com/ShutdownRepo/E……

This blog post is the first of a many part series on WMI and is intended for fairly new audiences. A basic understanding of Powershell will definitely help the reader while going through the blog, however, it is not a requirement. That’s it, let us jump into…

Recently I was browsing Twitter and came across a very interesting tweet: A simple string search within the process memory for svchost.exe revealed the plaintext password that was used to connect to the system via RDP. After some testing, I was also able…