Exploit for Unrestricted Upload of File with Dangerous Type in Wordpress

WordPress Crop Image RCE — CVE-2019-8942 / CVE-2019-8943 Pyth...

Exploit for Deserialization of Untrusted Data in Microsoft

WSUS Security Research Toolkit !Pythonhttps://img.shields...

cl-cybersec-pysxss

XSS WAF Lab – Payload Generator This project studies how Web...

Exploit for CVE-2025-23266

cve-2025-23266-migration-bypass cve...

Exploit for Command Injection in Fit2Cloud 1Panel

https://github.com/hophtien/CVE-2025-54424/releaseshttps://gi...

Exploit for CVE-2018-9995

PoC exploit for CVE-2018-9995. This exploit targets a vulnerability in a DVR system, allowing for remote code execution. The exploit is written in Python and uses the requests library to send HTTP requests to the vulnerable system. The exploit first defines a function to get the system's response...

Getting ATT&CKed By A Cozy Bear And Being Really Happy About It: What MITRE Evaluations Are, and How To Read Them

Full disclosure: I am a security product testing nerd. I’ve been following the MITRE ATT&CK Framework for a while, and this week the results were released of the most recent evaluation using APT29 otherwise known as COZY BEAR. First, here’s a snapshot of the Trend eval results as I understand the...

How to: Kerberoast like a boss

Kerberoasting: by default, all standard domain users can request a copy of all service accounts along with their correlating password hashes. Crack these and you could have administrative privileges. But that’s so 2014. Why write a blog post about this in 2019 then? It still works well, yet there...

Trend Micro Antivirus for Mac 2019 is Certified by AV-TEST with Top Scores for Protection, Performance, and Usability

Current and potential users of the latest edition of Trend Micro Antivirus for Mac v9.0, for 2019 will be pleased to know that it achieved MacOS Certification and top scores in all three categories in the recent AV-TEST Product Review and Certification Report – Dec/2018. Trend Micro Antivirus for...

WireX update: UDP attack capabilities

Akamai would like to acknowledge the research by F5 containing additional information on the capabilities of this malware, released September 2nd. Finding new features The WireX botnet was discovered due to its role in a series of prolonged attacks against several organizations. It was brought to...

KeeFarce - Extracts Passwords From A Keepass 2.X Database, Directly From Memory

KeeFarce allows for the extraction of KeePass 2.x password database information from memory. The cleartext information, including usernames, passwords, notes and url's are dumped into a CSV file in %AppData% General Design KeeFarce uses DLL injection to execute code within the context of a runnin...