- Leveraging web application vulnerabilities to steal NTLM hashes
- Are EV certificates worth the paper they’re written on?
- SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution
- Hacking the Hackers: Leveraging an SSRF in HackerTarget
- Update: Looking Glass Add-on
- 1.4 billion password breach compilation wordlist
- Introducing Merlin — A cross-platform post-exploitation HTTP/2 Command & Control Tool
- NOW That’s What I Call HaXmas!
- Apache Groovy Deserialization: A Cunning Exploit Chain to Bypass a Patch
- ropa is a Ropper-based GUI that streamlines crafting ROP chains. It provides a cleaner interface when using Ropper as compared to the command line.
- Beware the Hex-Men
- Trend Micro Smart Protection Server Multiple Vulnerabilities
- NET::Ftp allows command injection in filenames
- Yeelight, the Bluetooth LED Bedside Lamp from Xiaomi that Spies on You, Part One
- WannaCry: End of Year Retrospective
- Advanced Sage Password Recovery and Advanced Office Password Recovery Updated
- When Two-Factor Authentication is a Foe: Breaking the iCloud Keychain
- P25 digital voice decoding with GNU-radio OP25 project
- North Korea Bitten by Bitcoin Bug
- McAfee Labs Advanced Threat Research Aids Arrest of Suspected Cybercrime Gang Linked to Top Malware CTB Locker
- Invariantly Exploitable Input: An Apple Safari Bug Worth Revisiting
- Welcome to the NetSPI SQL Injection Wiki!
- Massive Cryptomining Campaign Targeting WordPress Sites
- PoC for malicious installer obfucation
- Efficient Time Based Blind SQL Injection using MySQL Bit Functions and Operators