Research Hub

Investigating PrivEsc Methods in AWS In 2018, Spencer Gietzen wrote an excellent article on privilege escalation in AWS, identifying 21 separate methods across various AWS services. I have often used Spencer’s …

Read Story

All code references in this post are also available in the CVE-2019-18935 GitHub repo. Telerik UI for ASP.NET AJAX is a widely used suite of UI components for web applications …

Read Story

Build secure Salesforce web applications and pass the SFDC AppExchange security review. As with any web application, it’s important to follow secure development practices when building an application on the …

Read Story

Eyeballer is an AI-powered, open source tool designed to help penetration testers assess large-scale external perimeters. About Eyeballer Give those screenshots of yours a quick eyeballing. Eyeballer is meant for …

Read Story

Introducing ZigDiggity, a ZigBee testing framework created by Bishop Fox. About ZigDiggity ZigDiggity version 2 is a major overhaul of the original package and aims to enable security auditors and developers to run …

Read Story

Cross-platform General Purpose Implant Framework Written in Golang Senior Security Associate Joe DeMesy and Security Associate Ronan Kervella are the researchers behind the creation and maintenance of Sliver. They introduced …

Read Story

GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets. How GitGot Works During search sessions, users will …

Read Story

Subscribe by Email