Threat Hunting workshop from Teymur on #phdays 2018 slides speakerdeck.com/heirhabarov/ph… and lab yadi.sk/d/qB1PNBj_3ViW…. Also check out his previous talk at #zeronights 2017.zeronights.org/wp-content/upl…

We've gathered some statistical data based on results of security assessment engagements performed in 2017 by Kaspersky Lab Security Services team. github.com/klsecservices/…

Symantec Messaging Gateway authentication bypass vulnerability discovered by Artem Kondratenko, Gifts and Arseniy Sharoglazov artkond.com/2018/10/10/sym…

Just released s7scan by Danila Parnishchev, a tool for enumerating Siemens S7 PLCs that supports both TCP/IP and LLC networks github.com/klsecservices/…

Insomni'hack 2019 #CTF teaser Droops writeup gist.github.com/paul-axe/2a384…

Slides (2018.zeronights.ru/wp-content/upl…) and video (youtube.com/watch?v=Jmv-0P…) for my research about redis post exploitation ZeroNights

Watch Vlad (vos) from LC↯BC get pwned live on YouTube this saturday! Mar 9th 15:00 UTC. Kudos to Calle Svensson for hosting such great stuff

Fingerprint java library versions by their stacktraces, cool! beanstack.io by X41 D-SEC GmbH

My WCTF 2019 challenge source code and solution: github.com/paul-axe/ctf/t…

Paged Out! #1 is out! (and it's free to download!) pagedout.institute/?page=issues.p… There are 57 articles in 12 categories: Electronics Programming Assembly Reverse Engineering Sec/Hack Retro File Formats Algorithmics SysAdmin Radio Phreaking OS Internals Enjoy! #PagedOut!

Freshly patched RCE in PHP-FPM: bugs.php.net/bug.php?id=785… Exploit: github.com/neex/phuip-fpi… Many nginx+PHP configurations vulnerable, watch out!

Slides for my "ZN PWN Challenge" talk on ZeroNights 2019: zeronights.ru/wp-content/the…

My WCTF 2020 challenge source code and solution: github.com/paul-axe/ctf/t…

Every BurpSuite update i think that I would never update again. Hey, PortSwigger, how am I supposed to see response body in HEX now?

I've just released the source code for 1u.ms at github.com/neex/1u.ms. PRs are welcome :)

Nano-#ctf for my 30th birthday: execute system('id') by providing <=280 bytes of stdin to the script code = input() for c in 'hui"\'(': assert c not in code exec(code, {'__builtins__': {}}) run on Python 3.9.2+Linux (=python:latest). Will send .031337 ETH to the first pwner

I just posted a write-up on how I leaked uninitialized memory (e.g., other users' HTTP requests/responses) from Fastly using a bug in the H2O webserver. Also, there you can learn a fraction of how HTTP/3 + QUIC works) medium.com/@emil.lerner/l…

All this CA stuff was cursed, but now, when CAs revoke certificates on a geographical basis, it is especially clearly visible.

#Vulhub Redis Lua Sandbox Escape && RCE (CVE-2022-0543) Awesome vulnerability, without any binary technique, just one Redis command. So how to reproduce the vulnerability: github.com/vulhub/vulhub/… Original vulnerability reference: ubercomp.com/posts/2022-01-…

Need to send a cross-origin Post request without Content-Type header? Just create a Blob without type and send it using fetch or beacon API. It can be useful for bypassing a buggy CSRF-protection. xxx.dbggl.pw/send_no_ct.html