Str4thus (@str4thus) 's Twitter Profile
Str4thus

@str4thus

if it works, it works

ID: 1324701532521172992

06-11-2020 13:15:45

128 Tweet

35 Followers

168 Following

Neodyme (@neodyme)

When CS:GO clients connected to our server, they got more than a game. We found 3 RCE vulnerabilities to give clients an unexpected 'welcome'. Ready for a deep-dive? 🎮🔧🎆 neodyme.io/blog/csgo_from… #InfoSec #CSGO #Exploit

shay (@shaybt12)

Path traversal in nuxt

huntr.dev/bounties/4849a…

when you "/_nuxt/@fs" in JS script or even in HTML, that means the Dev is enabled :) have fun

Shashwat Shah 🇮🇳 (@0xer3bus)

My very first project created a new C2 (ab)using Zoom API to host the C2 traffic. With a c++ written Implant.🚀 Link to the Github repository: github.com/0xEr3bus/Shado… #redteam #infosec #BugBounty #C2 #cybersecurity

Elliot (@elliotkillick)

Creating Windows hacking labs has gotten a lot easier with this new tool I've developed: It's a reverse engineering of Microsoft's hidden downloading API - fully automated to always grab the most up-to-date Windows ISO so you never have to do it again! 🚀 github.com/ElliotKillick/…

MDSec (@mdseclabs)

In our latest post, Matt Johnson details how we were able to publish a malicious VSCode extension to the marketplace and leverage it for initial access during a red team mdsec.co.uk/2023/08/levera… vimeo.com/853281700?shar…

Vulnlab (@vulnlab_eu)

A new Red Team Lab, Shiva, is coming to Vulnlab next week! This time you get to test a hardened Hybrid-AD environment that involves:

- Hybrid-AD with 10+ machines & active users
- Cloud exploitation
- SIEM, EDR on Clients & Servers
- Common enterprise software
- No CVEs

LuemmelSec (@theluemmel)

Happy to share that I will try to run my own business as a side hustle starting at the beginning of next year.
If you are a German follower and are interested or know someone, please feel free to reach out to me.
Some info, details etc. can be found here:
ds-itconsulting.de/index.html

MDSec (@mdseclabs)

Exploiting CVE-2024-20656, a Local Privilege Escalation in the VSStandardCollectorService150 Service mdsec.co.uk/2024/01/cve-20… - new research from Filip Dragovic

sec77 (@secure_sec77)

It's been a while since I've solved something on Vulnlab. Easter weekend and the new Tengu chain by r0BIT are a good time to start again! If you get stuck, you can check out my writeup! notes.secure77.de/?link=%2FWrite… Happy Easter! 🐰

sec77 (@secure_sec77)

If someone is interested in patching Android apps, I've published a new (beginner) blog post that I wrote some time ago. It's a pretty simple app, but maybe helpful if you've never touched an Android app. secure77.de/how-to-mod-a-s…

Mateo Hanžek (@h4nsmach1ne)

Excited to announce our new blog post on new event handlers to trigger XSS! Huge thanks to Bojan Zdrnja for making this happen and to PortSwigger Research for their awesome XSS cheat sheet, now featuring these techniques. infigo.hr/en/insights/46…

Mateo Hanžek (@h4nsmach1ne)

Sharing a new mini research technique that abuses HTML injection to leak data cross-domain. This blogpost connects a couple of client-side concepts and a Chrome/RFC Referrer-Policy bug. Inspired by Gareth Heyes' recent CSP bypass techniques, enjoy :) infigo.is/en/insights/47…

sec77 (@secure_sec77)

I have published a new blog post describing several vulnerabilities that can be chained to get unauthorized RCE in Smart Time Plus < 8.6. secure77.de/smart-time-plu…

CODE WHITE GmbH (@codewhitesec)

Ten days left. The warm-up fades. Maultaschen were soft. Bean Beats were dark and burnt. But the beats of #ULMageddon will be brutal! #applyIfYouCan

sec77 (@secure_sec77)

New Writeup: Malware deep dive into Zero2Automated Cruloader, a 3-stage malware using RC4+XOR encryption, API hashing via custom ROT13/CRC32, and process hollowing into svchost.exe. #MalwareAnalysis #ReverseEngineering
notes.secure77.de/WriteUps/Zero2…