unSafe.sh - Unsafe
CVE-2023-27997 Vulnerability Scanner for FortiGate Firewalls
TL;DR: Bishop Fox has developed a tool to quickly check if a remote FortiGate firewall is affected...
2023-6-21 05:0:0 | Reads: 9
bishopfox.com - bishopfox.com
fortigate
27997
memory
statistic
overflow
Introducing CloudFoxable: A Gamified Cloud Hacking Sandbox
CloudFox helps penetration testers and security professionals find exploitable attack paths in clo...
2023-6-13 22:0:0 | Reads: 3
bishopfox.com - bishopfox.com
cloud
security
github
cloudfox
Power Up Your Pen Tests: Creating Burp Suite Extensions with the New Montoya API
As a security consultant who spends a lot of time testing web applications, Burp Suite is the soft...
2023-5-25 21:0:0 | Reads: 2
bishopfox.com - bishopfox.com
burp
montoya
burpcage
kotlin
proxy
A More Complete Exploit for Fortinet CVE-2022-42475
Background: Recently, there has been some buzz about remotely exploitable vulnerabilities in Fortin...
2023-5-17 19:0:0 | Reads: 3
bishopfox.com - bishopfox.com
shellcode
payload
mprotect
fortigate
memory
What the Vuln: EDR Bypass with LoLBins
Introduction: In a world of ever-evolving cybersecurity threats, endpoint detection and response so...
2023-3-23 22:0:0 | Reads: 8
bishopfox.com - bishopfox.com
c2
download
windows
attacker
What the Vuln: Zimbra
What the Vuln is a new series where in each episode our offensive security experts and hackers dee...
2023-2-21 20:0:0 | Reads: 3
bishopfox.com - bishopfox.com
zimbra
network
zimbraadmin
bf
jetty
Spoofy: An Email Domain Spoofing Tool
Email is an essential tool in modern communication; however, the underlying technology is often ta...
2023-2-1 23:0:0 | Reads: 1
bishopfox.com - bishopfox.com
spoofy
spf
spoofing
dmarc
spoof
Cloud Penetration: Not Your Typical Internal Testing
This blog originally appeared on SethSec: https://sethsec.blogspot.com. There seems to be a common...
2023-1-11 00:0:0 | Reads: 0
bishopfox.com - bishopfox.com
cloud
realize
ec2
tooling
security
160K COVID-19 Records: Vulnerability in Avicena Medical Laboratory
Electronic health records (EHR) and personally identifiable information (PII) are highly sought by...
2022-12-10 00:0:0 | Reads: 0
bishopfox.com - bishopfox.com
avicena
ks
kos
php
ipko
The State of Vulnerabilities in 2022
“You’re only as strong as your weakest link.” Or in the cyber space – vulnerabilities. By keeping...
2022-10-19 23:0:0 | Reads: 3
bishopfox.com - bishopfox.com
gitlab
security
ssrf
bounties
(In)Secure by Design
In 2021, design as a security concern became a top-of-mind issue for application security professio...
2022-9-22 22:30:0 | Reads: 0
bishopfox.com - bishopfox.com
security
injection
modeling
development
Introducing: CloudFox
CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s a command line...
2022-9-13 20:0:0 | Reads: 3
bishopfox.com - bishopfox.com
cloudfox
cloud
rds
database
security
Solving the Unredacter Challenge
Overview: Serious security researchers are constantly monitoring industry happenings for interesting...
2022-9-8 23:0:0 | Reads: 3
bishopfox.com - bishopfox.com
blur
gimp
blurred
reverse
gaussian
You're (Still) Doing IoT RNG
It’s been a whole year since Allan Cecil and I, Dan Petro, gave our presentation at DEF CON 29 deta...
2022-8-24 21:0:0 | Reads: 0
bishopfox.com - bishopfox.com
entropy
csprng
hardware
rng
quantity
An Introduction to Bluetooth Security
Bluetooth is an established yet growing technology that allows the exchange of data between device...
2022-6-28 04:0:0 | Reads: 0
bishopfox.com - bishopfox.com
security
tk
exchange
association
pairing
Using CloudTrail to Pivot to AWS Accounts
When performing cloud penetration tests (CPTs), the goal is to find and exploit high-severity issu...
2022-6-8 00:30:0 | Reads: 0
bishopfox.com - bishopfox.com
cloudtrail
assumedrole
assumerole
arn
ripgen: Taking the Guesswork Out of Subdomain Discovery
In our most recent Tool Talk, we featured ripgen, a super-fast tool for conducting subdomain disco...
2022-6-2 04:0:0 | Reads: 6
bishopfox.com - bishopfox.com
subdomain
ripgen
staging
security
Call of DeFi: The Battleground of Blockchain
Last year, decentralized finance (DeFi) grew tremendously, not only in usage, but also in cybersec...
2022-5-24 20:0:0 | Reads: 1
bishopfox.com - bishopfox.com
defi
security
wallets
hacks
Ruby Vulnerabilities: Exploiting Dangerous Open, Send and Deserialization Operations
On a recent assessment, I tested a Ruby on Rails application that was vulnerable to three of the m...
2022-5-18 00:0:0 | Reads: 0
bishopfox.com - bishopfox.com
gem
oj
rails
tarreader
payload
Our Top 9 Favorite Fuzzers
In keeping with our new tradition of crowdsourcing pen testing tool list topics (like this cloud p...
2022-4-19 23:0:0 | Reads: 0
bishopfox.com - bishopfox.com
fuzzer
creator
unicorn
security
libfuzzer