OUR LATEST RESEARCH
Introducing SharpConflux
Today, we are releasing a new tool called SharpConflux, a .NET application built to facilitate Confluence exploration. It allows Red Team operators to easily investigate Confluence instances with the goal of finding credential material and [...]
CVE-2024-25153: Remote Code Execution in Fortra FileCatalyst
CVE-2024-25153, a critical Unsafe File Upload and Directory Traversal vulnerability in Fortra FileCatalyst, allows a remote unauthenticated attacker to gain Remote Code Execution (RCE) on the web server. This affects Fortra FileCatalyst Workflow 5.x, before [...]
Introducing Yasha – Yet Another Security Header Analyser
Silencing the Collective Groan: Security headers. Everyone’s encountered them. Security testers find them on every web application test, and it can be tedious work identifying these weaknesses that usually have low impact and low probability [...]
BloreBank ChatBot – Introducing our Prompt Injection Game
BloreBank Chatbot is a prompt injection game where you try to trick the AI into giving away sensitive information. With 10 levels, each one adds new safeguards against these tricks, making it tougher to get [...]
Para Bailar La Bambda: Contributing to Burp Suite’s New Filtering Capabilities
A great deal of security tools involve simply finding what you need — they have magnets for needles in a haystack! PortSwigger's Burp Suite is no different, and in this post I will introduce the [...]