
Posts by Louis Dion-Marcil

it is crazy to me that we still cannot do this

5 months ago 1 0 0 0

I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥

The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇

gmsgadget.com

1/4

8 months ago 23 13 1 0
Trix Shots: Remote Code Execution on Aviatrix Controller | Google Cloud Blog Red team case study detailing the discovery of two critical vulnerabilities in the Aviatrix Controller software.

wrote some words about vulnerabilities i found in Aviatrix during a red team cloud.google.com/blog/topics/...

9 months ago 4 1 0 0
The Signal Clone the Trump Admin Uses Was Hacked TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked.

TeleMessage, the Israeli company that makes the modified Signal app used by Trump officials, was hacked. “I would say the whole process took about 15-20 minutes,” the hacker said micahflee.com/the-signal-c...

11 months ago 271 109 8 14

🚀 Another plugin in the Caido Store!

Introducing "Data Grep" by @bebiksior.

Extract data from requests and responses. Great for building wordlists, finding secrets, or powering your recon.

Check it out: github.com/caido-commun...

11 months ago 6 1 0 0

Got sniped into the challenge and ended up doing some cool XSS research :D

11 char XSS with mind-boggling race-conditions.

TL;DR the final payload is location=x (10 chars) and the longest is top.Z.x=x.d (11 char)

It's shorter than location=name !!

terjanq.me/solutions/jo...

1 year ago 30 11 1 1
Bridging the Gap: Elevating Red Team Assessments with Application Security Testing | Google Cloud Blog Red team and targeted external assessments should incorporate application security expertise to better simulate modern adversaries.

I wrote a thing with my colleague Ilyass El Hadi (0xc0ffee_) & Charles Prevost, about how we've been leveraging offensive webapp testing during Red Teams. 4 use cases of external breaches using webapps inside, enjoy! #appsec

cloud.google.com/blog/topics/...

1 year ago 18 7 0 0

Environments are something I've wanted for a while now.

1 year ago 12 3 0 0

My latest blog post is live! nastystereo.com/security/cro...

Read how to send a cross-site POST without including a Content-Type header (without CORS). It even works with navigator.sendBeacon

1 year ago 79 29 3 4
Flatt Security XSS Challenge Execute alert(origin) on each challenge origins.

Been having a ton of fun solving these, only 2/3 done and i'm quite humbled so far
challenge-xss.quiz.flatt.training

1 year ago 6 2 0 0
TIL: Some surprising code execution sources in bash

add that to the reasons to stop using bash in production pipelines yossarian.net/til/post/som... #security #cicd #appsec

1 year ago 5 1 0 0

yeah wrote this yrs ago, would not use this as-is 😂

1 year ago 3 0 0 0
sudo-backdoor/sudo at master · ldionmarcil/sudo-backdoor Wraps sudo; transparently steals user's credentials and exfiltrate over DNS. For those annoying times when you get a shell/file write on a sudoers account and need to leverage their credentials...

shocking how efficient this method is. patience > crazy exploits
github.com/ldionmarcil/...

1 year ago 4 0 1 0