Duty (@duty_1g) 's Twitter Profile
Duty

@duty_1g

Application Security Specialist | Red Teamer | Researcher at Synack Red Team | OSCP-OSCE-OSWE-ECPPT-CRTE/P/O | CTF Player @DeadSecCTF
Capturing flags since 2011

ID: 1248712237663084544

10-04-2020 20:39:39

41 Tweet

377 Followers

117 Following

DeadSec (@deadsecctf) 's Twitter Profile Photo

DeadSec has just achieved an impressive 2nd place finish in the Incognito 4.0 CTF! Our team worked tirelessly to secure this achievement, and we're incredibly proud! And Congratulations to thehackerscrew for the 1st place!

DeadSec (@deadsecctf) 's Twitter Profile Photo

DeadSec CTF 2023 has come to an epic conclusion! 🎉🔓 Huge congrats to all the participants who showcased their hacking skills and made it an unforgettable event. Special thanks to our sponsors (OffSec - Google Cloud - Wolfram).

DeadSec (@deadsecctf) 's Twitter Profile Photo

Writeup for backdooredness from the 2023 Asis CTF. It was fun learning about the inner workings of the NES environment! Check it out here👉 gold3nb0y.github.io/blog/posts/asi…

Alex Neff (@al3x_n3ff) 's Twitter Profile Photo

NetExec v1.4.0 has been released! 🎉

There is a HUGE number of new features and improvements, including:
- backup_operator: Automatic priv esc for backup operators
- Certificate authentication
- NFS escape to root file system

And much more!
Full rundown: github.com/Pennyw0rth/Net…

Tanto Security (@tantosecurity) 's Twitter Profile Photo

The post is at tantosec.com/blog/2025/06/i… and we hope you enjoy reading it as much as we enjoyed putting it together! ❤️

Duty (@duty_1g) 's Twitter Profile Photo

Check out my latest Exploit Explained Bug Bounty writeup for Synack Red Team 🚨 Turning Frontend Clues into Backend Compromise: Insecure Routing to RCE #Synack #CyberSecurity #ExploitExplained #AppSec #BugBounty #RCE #InfoSec synack.com/exploits-expla…

Synack (@synack) 's Twitter Profile Photo

Happy Monday! Start your week off right by reading how Synack Red Team member Duty pieced together a dangerous Remote Code Execution (#RCE) vulnerability while testing a customer using Synack’s Penetration Testing as a Service platform 👀: hubs.ly/Q03z3V2P0

Jose Enrique Hernandez (@_josehelps) 's Twitter Profile Photo

LOLdrivers.io now has SIEM queries and a tool section for those looking to operationalize the data. Thanks to Mehmet Ergene and The Haag™ for sharing the queries with the community! Also shout out to Tenable for sharing the Nessus plugin, Oddvar Moe for the

Mustafa Can İPEKÇİ (@mcipekci) 's Twitter Profile Photo

SQL injection tip of the day. On MySQL and its variants, you can use versioned comments. Let's say we are having potential SQLi on target, vulnerable parameter is id and we can only do blind injection attacks, but you are not sure about what DBMS is used. So, change value of

Mustafa Can İPEKÇİ (@mcipekci) 's Twitter Profile Photo

We earned a $15,000 bounty on HackerOne with manuel valdez⛩️! His persistence on the target paid off, uncovering SQLi leads on a major social network. The exploit was straightforward once the query structure leaked due to verbose errors, revealing the injection point by commenting.
