red team, blue team, penetration testing, red teaming, threat hunting, digital forensics, incident response, cyber security, IT security

CVE-2019-0232 is a vulnerability in Apache Tomcat that could allow attackers to execute arbitrary commands by abusing an operating system command injection brought about by a Tomcat CGI Servlet input validation error.

For all these times you're asking yourself "what is this panel again?" - misterch0c/what_is_this_c2

This post walks through the processes of building a passive IMSI catcher. The purpose of this post is to be educational - to highlight the ease of which these devices can be built, and to practically show how privacy is already being compromised today.

List of Awesome Advanced Windows Exploitation References - yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References

What computer do you use? Who made it? Have you ever thought about what came with your computer? When we think of Remote Code Execution (RCE) vulnerabilities in mass, we might think of vulnerabilities in the operating system, but another attack vector to…

The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL) - JoeyRentenaar/Office-365-Extractor

All malwares are equals, but some malware are more equals than others Joxean Koret

Adobe Reader progress One year ago I blogged about my many attempts and failures at fuzzing Adobe Reader and finding exploitable security issues.

This is a tale of how we found a wormable XSS on Twitter, and how we managed to fully bypass its CSP policy.

Infiltrate 2019 talk slides

SAP Message Server research presented at OPCDE 2019 - gelim/sap_ms

USB armory: open source flash-drive-sized computer - inversepath/usbarmory

CLEARED FOR RELEASE: We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed.