OUR LATEST RESEARCH
Introducing 'XSS Payloads' repository: Cross Site Scripting doesn't have to be boring
Sometimes, particularly when dealing with a system perimeter, there’s very little attack surface to deal with. You may find yourself with not much more than boring old XSS to poke at. We feel your pain. The good [...]
What is the jailbreak for iOS 9.3.3 actually doing?
Many people who jailbreak their devices are unaware of the vulnerabilities being exploited in order to gain privileged access to the underlying iOS operating system. Users typically jailbreak devices in order to install applications that [...]
Nettitude Labs release PoshC2 v1.0, a command and control framework
PoshC2 is a proxy aware command and control framework written completely in PowerShell. It is designed to aid penetration testers with red teaming, post-exploitation and lateral movement. […]
QNAP Android: Don't Over Provide
The QNAP Android applications Qnotes 1.1.8.0128 and Qget 2.0.1.1029 suffer from unintended data leakage. A malicious process can use this vulnerability to gain access to cached data and logon credentials for the back-end NAS device. [...]
Escaping the Avast sandbox
An Avast Sandbox escape, CVE-2016-4025, is possible due to a design flaw in the Avast DeepScreen feature. It is likely that this flaw will remain in supported Avast products for some time. […]