I found out "C:\Windows\System32\WorkFolders.exe" (signed by MS) can be used to run arbitrary executables in the current working directory with the name control.exe. It's like a new rundll32.exe #lolbin but for EXEs!

We have a new entry in the team, everyone welcome Petar Jr. Pranic 🤟

going to NULLCON via train, let’s meet there 🌚

4/8/22 #bugbountydiary #bugbountytips Everyone is sick in the house but I had some running scans I needed to check up on. I found a SQL injection bug on a blog. Here's how I did it, so you can learn... 👇 🚨Like, retweet, & follow for more hacker tips!🚨 1/x

dawgyg - WoH Hey Dawg I recommend using this instead github.com/ssl/ezXSS it has better features ;) You can test it here demo.ezxss.com/manage/dashboa… pass:demo1234

Burp Extension for Broken Access Control Thread 🧵 #bugbounty #bugbountytip #bugbountytips

SpringBoot related vulnerability learning materials, collection of methods and techniques, black box security assessment checklist github.com/LandGrey/Sprin…

finally!

👀👀

Just released this PoC tool based on Advanced Persistent Tortellini's work. Still pretty rough on the edges and outputs some false positives, but gets the job done for dangling process handles =] github.com/bananabr/Givem…

Thanks to github.com/fin3ss3g0d/evi…, I'm working on an interesting distributed infrastructure using AWS services + docker but fin3ss3g0d I have some ideas to share with you for evilgophish, can you DM me?

Reverse engineering Spybot's Terminator tool (Zemana Antimalware driver) to achieve LPE as SYSTEM and unrestricted raw SCSI disk read/write. voidsec.com/reverse-engine…

#PersistenceSniper version 1.13.0 is out! In this release, along with some minor bugfixes, 2 new detections have been implemented: RID hijacking and the Suborner attack. Check it 👇 github.com/last-byte/Pers…

Bypass Reflect XSS working on ASPNET Generic Microsoft WAF (detected by AFW00F) <details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc(`VulneravelXSS`%26%2300000000000000000041// #bugbountytip #bugbounty #bugbountytips #xss

It's a bittersweet moment, but our series of "Attacking an EDR" has come to an end! Me and Riccardo hope that you had as much fun reading it as we had writing it. her0ness.github.io/2023-11-07-Att…

Congratulations to Electroxero for the rare distinction of clearing our Certified Red Team Master exam! #GCBLab #CRTM #AlteredSecurity cc Nikhil Mittal alteredsecurity.com/gcb

Thank you, it was a wonderful course and exam!