"Docker Container Escape PoC (CVE-2019-5736) in Go."

Would be great if all PoCs came with a detailed writeup like this one.


"Facebook CSRF protection bypass which leads to Account Takeover."

Great find and writeup. Worth $25,000 from FB.


"Pwning WPA/WPA2 Networks With Bettercap and the PMKID Client-Less Attack "

Solid writeup by @evilsocket@twitter.com for his tool (bettercap).
Still needs a big cracking rig to be interesting.


Gorsair: Gorsair is a tool that hacks its way into remote Docker containers that expose their APIs.


CloudBunny: CloudBunny is a tool to capture the real IP of a server that uses a WAF as a proxy or protection. The tool uses three search engines to look up domain information: Shodan, Censys and ZoomEye.


"Privilege Escalation in Ubuntu Linux (dirty_sock exploit)" - January 2019

Good find and complete writeup.


"How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram, Cloudflare, etc)"

TL;DR: Waiting on the 2FA page could allow you to log in without knowing the current password on many major websites.


"Joomla Global Configuration Text Filter settings Stored XSS Vulnerability (CVE-2019-6263 Exploit) "

Impact is limited, as you need to be logged in as a Joomla admin already.


ct-exposer : An OSINT tool that discovers sub-domains by searching Certificate Transparency logs


dnstwist : Domain name permutation engine for detecting typo squatting, phishing and corporate espionage


ES File Explorer Open Port Vulnerability - CVE-2019-6447

Ouch, once again a great find from @fs0c131y@twitter.com.
Thankfully limited, as the attacker needs to be on the same local network as the victim.


A look at how LinkedIn spies on its users by scanning their installed browser extensions.


"Phishing template uses fake fonts to decode content and evade detection"

The cat and mouse game continues. Smart trick used by phishers.


"Kick-start your code obfuscation techniques"

Nice read, too bad cat pictures cover a few slides...


A response to “We are Google employees, Google must drop DragonFly”.

I’m Chinese, Google’s DragonFly must go on.


