Blog post: Top 10 web hacking techniques of 2018: The Final Verdict portswigger.net/blog/top-10-we…

Analysis for【CVE-2019-5418】File Content Disclosure on Rails chybeta.github.io/2019/03/16/Ana…

A 10k bounty tale writeup by our team member Ahmed Sultan 🇪🇬🇵🇸, explaining the exploitation of SQL injection issue inside insert query where it wasn't possible to use commas as part of the exploit payload. blog.redforce.io/sql-injection-… Happy reading

Apache Local Root: CVE-2019-0211: Vulnerability description. Exploit will come later. cfreal.github.io/carpe-diem-cve…

Kerberoasting revealed. The 1st part of Microsoft Kerberos implementation attacks series by our team member @Hatemsec . blog.redforce.io/oh-my-kerberos… Happy reading. #PenTest #redteam

Just released viewgen, a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys or web.config files. All algorithms supported. TL;DR: Got a web.config file or LFI on ASP.NET? Pop a shell! github.com/0xACB/viewgen

"There is no pre-auth RCE in Jenkins since May 2017, but this is the one!" Relase a more reliable and elegant exploit - "awesome-jenkins-rce-2019" from my #HITB2019AMS talk. Thanks Mikhail Egorov and George Noseevich join this party! github.com/orangetw/aweso…

Jenkins pentesting notes and scripts github.com/gquere/pwn_jen…

We are Hiring, check the link for more details wuzzuf.net/jobs/careers/R…

We are hiring, Front-end Developer check the link for more details wuzzuf.net/jobs/p/263316-…

We are hiring, Back-end Developer check the link for more details wuzzuf.net/jobs/p/263320-…

We are hiring, Sales Executive check the link for more details wuzzuf.net/jobs/p/263321-…

We are hiring, Sales Executive check the link for more details wuzzuf.net/jobs/p/263324-…

This will have huge impact!, another great example on how RCE can be achieved on OWA easily through ViewState deserialization attack. Red Teamers it's your chance now :) thezdi.com/blog/2020/2/24…

Attacking Helpdesks (Part 1): Remote Code Execution (#RCE) chain on #Deskpro with #Bitdefender as a case study. Full technical details to #exploit RCE inside. blog.redforce.io/attacking-help… #BugBounty #websecurity #infosecwriteup

Twig 3 SSTI RCE {{['cat${IFS}/etc/passwd']|filter('system')}} x.com/Black2Fan/stat…

We have updated the article with another "UNPATCHED" vector to achieve RCE. Thanks Mahmoud Gamal for the heads up. blog.redforce.io/attacking-help…

We've just published the 1st part of the Windows authentication attacks series. blog.redforce.io/windows-authen… The series suppose to cover the NTLM/Kerberos authentication in detail as well as how their attacks work. Happy reading, and stay tuned for part 2.

Our team member Ahmed Sultan 🇪🇬🇵🇸 just published the 2nd part of windows authentication attacks. This part covers Kerberos authentication process and technical analysis of widely used Kerberos attacks. blog.redforce.io/windows-authen… Happy reading

The video about blind SSRF in Google Cloud for which David Nechuta got $31k is out! Watch it to see how it's sometimes possible to exfiltrate data with blind SSRFs. You can also test your own skills with hands-on lab 😎 Enjoy! youtu.be/ashSoc59z1Y