-
It's currently possible to bring a brute forcing attack to globaleaks users.
The features to be properly implemented we should follow the guideline of the document Application Security Design and Det…
-
validate that findings, in particular those related to authN/authZ, are not dependent on the pentesting environment
but actual exposures of the product
https://www.notion.so/weaveworks/Weave-…
-
This is a (multiple allowed):
* [x] bug
* [ ] enhancement
* [ ] feature-discussion (RFC)
* CakePHP Version: 4.1 stable composer
* Platform and Target: nginx 1.14.2, mysql 8.0.20, php 7.4.x
…
-
Hello,
I'm an xfd in DDOS attack security.
I help maintain "peace" and destroy DDOS attacks.
I see you're promoting attacks like this.
I just sent a request to the korea / paypal and international…
-
**About SecurityWeek Cyber Insights \|** _At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security is…
-
Is it even possible to get the shell (with the HID wifi Background) with admin rights
while having UAC enabled?
-
From https://www.christian-schneider.net/CrossSiteWebSocketHijacking.html, if somebody wasn't using CSRF tokens, it seems like it would be possible for any malicious website to open up a web socket to…
-
There are use cases like "Change / Manage password" where you mask the information that you have typed in a chatbot with "*". Having this enabled will allow this to be implemented in many use cases…
-
Many pentester teams and companies grow to become a fully managed security service provider with more than just penetration testing projects.
Having only 3 categories restricts what our users can d…
-
Your PoC video to bruteforce the user's pin code glosses over one important factor
1. A pin is not the only way to secure your device. Using a full-blown password is also an option.
2. Application…