Books about Mac malware (by Patrick Wardle)

A few months ago, I discovered a remote code execution issue in the Discord desktop application and I reported it via their Bug Bounty Prog...

TL;DR: Can we use GPUs to get 10x performance/dollar when fuzzing embedded software in the cloud? Based on our preliminary work, we think the answer is yes! Fuzzing is a software testing technique that supplies programs with many randomized inputs in an attempt…

Detection Evasion Exploit

Intro Defending an Active Directory environment, particularly a large one, is a daunting task. Telemetry generated by Active Directory itself as well as the hosts connected to it are critical…

Administrators can use teams policies for controlling what users can do in Microsoft Teams.

In this blog, I’ll show that these policies are applied only in client and thus can be easily bypassed.

A Python program to scrape secrets from GitHub through usage of a large repository of dorks. - obheda12/GitDorker

Intro (This post is made with permission of Arush Agarampur - an original author of all methods described below).   Here and below we assu...

Actions Speak Browser Than Words (Exploiting n-days for fun and profit) by Max Van Amerongen (maxpl0it)

Red Team Village Website: https://redteamvillage.io
Discord: https://redteamvillage.io/discord
Twitter: https://redteamvillage.io/twitter

A playground & labs For Hackers, 0day Bug Hunters, Pentesters, Vulnerability Researchers & other security folks. Learn, share, pwn.

A group of targeted attacks takes a different spin on methods first seen in PlugX APT operations.

Infection Monkey - An open-source adversary emulation platform - guardicore/monkey

Open EDR public repository. Contribute to ComodoSecurity/openedr development by creating an account on GitHub.

If you follow me on Twitter, you probably know that I developed my own Windows privilege escalation enumeration script - PrivescCheck - which is a sort of updated and extended version of the famous PowerUp. If you have ever run this script on Windows 7 or…

We compiled a list of several techniques for improved exploition of MSSQL injections. All the vectors have been tested on at least three of the latest versions of Microsoft SQL Server: 2019, 2017, 2016SP2. DNS Out-of-Band If confronted with a fully blind…