Research Hub

Did you know that Elastic Block Store (Amazon EBS) has a "public" mode that makes your virtual hard disk available to anyone on the internet? Apparently, hundreds of thousands of …

Read Story

Investigating PrivEsc Methods in AWS In 2018, Spencer Gietzen wrote an excellent article on privilege escalation in AWS, identifying 21 separate methods across various AWS services. I have often used Spencer’s …

Read Story

All code references in this post are also available in the CVE-2019-18935 GitHub repo. Telerik UI for ASP.NET AJAX is a widely used suite of UI components for web applications …

Read Story

This is the companion dictionary of the Cybersecurity Style Guide. The cyber.dic dictionary file can be added to your word processor to augment its standard spellcheck list. This is a resource …

Read Story

Eyeballer is an AI-powered, open source tool designed to help penetration testers assess large-scale external perimeters. About Eyeballer Give those screenshots of yours a quick eyeballing. Eyeballer is meant for …

Read Story

Introducing ZigDiggity, a ZigBee testing framework created by Bishop Fox. About ZigDiggity ZigDiggity version 2 is a major overhaul of the original package and aims to enable security auditors and developers to run …

Read Story

Cross-platform General Purpose Implant Framework Written in Golang Senior Security Associate Joe DeMesy and Security Associate Ronan Kervella are the researchers behind the creation and maintenance of Sliver. They introduced …

Read Story

GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets. How GitGot Works During search sessions, users will …

Read Story

Subscribe by Email