The latest Burp Scanner release natively reports vulnerable JavaScript libraries.

In Texas, Lake Highlands High School valedictorian, Paxton Smith, switched out her approved speech to talk about abortion rights.

Finally finished testing it, it's quite brutal! Network access to full AD takeover... I really underestimated the impact of NTLM relay on PKI #ESC8 😱The combo with PetitPotam is awesome ! Everything is already published to quickly exploit it ...

▶️ Time to harden your AD CS HTTP interface to fully block this path, a pretty good recommendation in SpecterOps paper (take a look at page 113) specterops.io/assets/resourc…

I don't normally aim to drop 0-day, but pre-recording makes it tricky. If you've got an Apache front-end that supports HTTP/2 and enforces any important security rules, please watch this talk. x.com/albinowax/stat…

saviorNT Microsoft Threat Intelligence You’ll never get paid more for what you do if you never do more than what you get paid for. Truth.

I've added Log4Shell detection to ActiveScan++. Grab v1.0.23 from here: github.com/PortSwigger/ac…

Find evidence of log4j usage on Linux servers with these 3 commands ps aux | egrep '[l]og4j' find / -iname "log4j*" lsof | grep log4j Find places to which your applications write logs lsof | grep '\.log' #log4shell #log4j

Cache Poisoning at Scale: Identifying and Exploiting over 70 Cache Poisoning Vulnerabilities youst.in/posts/cache-po…

Template Injection in Action: 2-hour workshop on Template Injection (SSTI) gosecure.github.io/template-injec… #ssti #hacking #cybersecurity #bughunting

Burp Suite now runs natively on Apple M1 machines. And yes, it's FAST.

DevOps is just explicitly emphasizing what was always true: System administration is better when you do it with friends.

CVE -2022-21882,Easy to Exploited

Beginner hacking tutorials be like: 😶

The recordings from #BHEU have just landed on youtube! If you're going to watch just one, I'd recommend "Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond" by Daniel Thatcher/Intruder youtube.com/watch?v=RAtpG6…

If you miss the speed/simplicity of the Spider from Burp Suite 1.7, this mode offers something similar

And finally, a technical analysis on how James Horseman and Zach Hanley reversed the patch and developed the POC for CVE-2022-1388: horizon3.ai/f5-icontrol-re… #f5 #CyberSecurity

Anthropic has released Free AI courses on: - Prompt Engineering - Building agents - Best practices for Agentic Coding - Collaborate with AI systems .... and so much more! 9 best guides you don’t want to miss: