22 matches found
Towards a Cognitive-Support Tool for Threat Hunters
Cybersecurity increasingly relies on threat hunters to proactively identify adversarial activity, yet the cognitive work underlying threat hunting remains underexplored or insufficiently supported by existing tools. Building on prior studies that examined how threat hunters construct and share...
Exploit for SQL Injection in Fortinet Fortiweb
CVE-2025-25257 Exploits for CVE-2025-25257 released by watchto...
Malicious code in node-oauth-walkthrough (npm)
The package node-oauth-walkthrough was found to contain malicious code...
MAL-2025-27636 Malicious code in node-oauth-walkthrough (npm)
The package node-oauth-walkthrough was found to contain malicious code...
MAL-2025-28020 Malicious code in oauth-walkthrough (npm)
The package oauth-walkthrough was found to contain malicious code...
Malicious code in oauth-walkthrough (npm)
The package oauth-walkthrough was found to contain malicious code...
Wiz Data Foundations: Where’s My Sensitive Data—And Who Can Access It?
A hands-on walkthrough of how to use Wiz to find sensitive data and uncover who can access it...
CloudGoat Official Walkthrough Series: ‘sqs_flag_shop’
The post CloudGoat Official Walkthrough Series: ‘sqs_flag_shop’ appeared first on Rhino Security Labs...
CloudGoat Official Walkthrough Series: ‘glue_privesc’
The post CloudGoat Official Walkthrough Series: ‘glue_privesc’ appeared first on Rhino Security Labs...
CloudGoat goes Serverless: A walkthrough of Vulnerable Lambda Functions
The post CloudGoat goes Serverless: A walkthrough of Vulnerable Lambda Functions appeared first on Rhino Security Labs...
Exploit for Authentication Bypass by Spoofing in Apache Apisix
CVE-2022-24112-POC Apache APISIX 2.12.1 Rem...
Garrett Metal Detectors iC Module CMA run_server_6877 authentication bypass vulnerability
Summary: An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger th...
CloudGoat ECS_EFS_Attack Walkthrough
The post CloudGoat ECS_EFS_Attack Walkthrough appeared first on Rhino Security Labs...
CloudGoat AWS Scenario Walkthrough: “EC2_SSRF”
The post CloudGoat AWS Scenario Walkthrough: “EC2_SSRF” appeared first on Rhino Security Labs...
Exploit for Improper Privilege Management in Centreon
CVE-2019-19699 Centreon =\ After logging in we navi...
Lockdoor Framework - A Penetration Testing Framework With Cyber Security Resources
Lockdoor Framework: A Penetration Testing Framework With Cyber Security Resources. 09/2019: 1.0Beta. Information Gathering Tools 21, Web Hacking Tools 15, Reverse Engineering Tools 15, Exploitation Tools 6, Pentesting & Security Assessment Findings Report Templates 6, Password Attack Tools 4, Shell Tool...
CloudGoat Official Walkthrough Series: “rce_web_app”
The post CloudGoat Official Walkthrough Series: “rce_web_app” appeared first on Rhino Security Labs...
Encryption 101: decryption tool code walkthrough
We have reached the final installment of our Encryption 101 series. In the prior post, we walked through, in detail, the thought process while looking at the Princess Locker ransomware. We talked about the specific ways to narrow down the analysis toward the encryption portions, the weaknesses in...
CVE-2014-7064
The ben10 omniverse walkthrough aka com.wben10omniverse2walkthrough application 0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7064
The CVE-2014-7064 entry concerns the Android app ben10 omniverse walkthrough (com.wben10omniverse2walkthrough) version 0.7, where TLS/SSL certificate validation is not performed. This missing certificate verification enables man-in-the-middle attackers to spoof SSL servers and obtain sensitive in...