Microsoft vs. Storm-0558
Last week Microsoft disclosed how China-based threat actor Storm-0558 managed to the secret keys for access to OWS and Outlook.com. There were 3 things that lead to the breach.
How to set up NodeZero Host on MacOS with UTM
I first heard about Horizing3.ai through a reddit post on /r/cybersecurity. They are a security vendor that takes an interesting angle on security...
TunnelCrack Can Leak VPN Data
An adversary can abuse these vulnerabilities to leak traffic outside the VPN tunnel. Our tests indicate that every VPN product is vulnerable on at least one device. We found that VPNs for iPhones, iPads, MacBooks, and macOS are extremely likely to be vulnerable
Real World Code Review Vulnerability in a Next.js App
I recently worked on a Next.js codebase that had a vulnerability in an API endpoint called update-profile that would allow any authenticated user to modify the details for any other users...
Interesting Projects
- Project
- Payloads All The Things
- Type
- Pentesting
- Project
- Web Check
- Type
- OSINT
- Project
- Hurl
- Type
- Endpoint Testing
- Project
- Cognitive Load Handbook
- Type
- Resource
- Project
- Snyk
- Type
- Secure Coding
- Project
- Password Game
- Type
- Fun