Jenkins CVE-2024-23897 Arbitrary file read vulnerability through the CLI can lead to RCE POC #BugBounty #vulnerabilities #rce

AI Exploits: A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities securityonline.info/ai-exploits-a-…

Discover my latest article on explaining and exploiting the file write vulnerability into RCE via Mobsf (CVE-2024-21633) ! 📑 Kudos to 0x33c0unt for discovering and reporting the vulnerability 🐛 qu35t.pw/posts/2024-216…

Sharing our writeup for Jumpserver Preauth RCE Exploit Chain sites.google.com/site/zhiniangp…

Just published a writeup on my account takeover vulnerability in ChatGPT, using a really cool web cache deception technique. Waited a while to finally publish this, enjoy :) nokline.github.io/bugbounty/2024…

linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks github.com/lefayjey/linWi… #Pentesting #CyberSecurity #Infosec

CVE-2024-20931 Oracle Weblogic PoC, bypass of CVE-2023-21839 github.com/dinosn/CVE-202…

The lolol.farm continues to grow! Introducing a new project: LoFP - Living off the False Positive Where you can blend into the noise, or leverage it for triage and rule writing. 🎊🍻 br0k3nlab.com/LoFP/ #DetectionEngineering #Security

HTTP Downgrade attacks with SmuggleFuzz : moopinger.github.io/blog/smugglefu… smugglefuzz : A customizable and rapid HTTP downgrade smuggling scanner written in Go : github.com/Moopinger/smug… Ref : http2smugl : tool helps to detect and exploit HTTP request smuggling in cases it can be

Four years after publishing my code stealing passwords from WinLogon I have just realized that NPLogonNotify() has a twin! NPPasswordChangeNotify() obtains old and new cleartext passwords changed via CtrlAltDel. Clearly documented by MS and easy to use: github.com/gtworek/PSBits…

🐳 Docker Security – Step-by-Step Hardening (Docker Hardening) One of the most detailed guides I've ever seen 🔥 Covers hardening steps for the Docker Host, Docker Daemon, images, and containers reynardsec.com/en/docker-plat…

r2d2 : radare2 plugin for GPT-4 solves a crackme with just 1 prompt : github.com/dnakov/r2d2

A collection of webshell github.com/Peaky-XD/websh…

We Hacked Google A.I. for $50,000 : landh.tech/blog/20240304-… credits Lupin Joseph Thacker Justin Gardner

Vortimo OSINT An online tool for quickly searching hundreds of different sources and then processing the information found. As an entry point you can use: - email - domain - hash - phone number - image and more. find.osint-tool.com Creator Vortimo Roelof Temmingh

An ssh honeypot with the XZ backdoor. CVE-2024-3094 github.com/lockness-Ko/xz…

I'm not sure what's more disturbing: the fact that AI can generate images, or the fact that people are willing to use them in almost every fckng security post or article without bothering or caring about their quality at all.

Everyone knows that the RFCs for email addresses are crazy. This post will show without doubt that you should not be following the RFC. portswigger.net/research/split…

DeepSeek jailbreak, system prompt extracted, and some OpenAI data distillation model response after the jailbreak lab.wallarm.com/jailbreaking-g…