A fun tool that finds weak Active Directory passwords, and then notifies the user. https://github.co...

Pwn2Own had some interesting browser vulnerability results: https://www.zerodayinitiative.com/blog/2...

Surprisingly good article from the BBC about firmware attacks https://www.bbc.com/news/business-5667...

Guess who forgot to do a newsletter last week?   Cool file upload attack to get access to SSH u...

Happy pi day!   Missive on the insecurity of C as a programming language. https://daniel.haxx.s...

This is a pop culture article about why mobile application can be insecure (from Wired) but it is we...

Portswigger published their Top 10 Hacking Techniques for 2020. https://portswigger.net/research/top...

Microsoft has some guidance for containers using .NET https://devblogs.microsoft.com/dotnet/staying-...

Apparently I failed to publish last week. Sorry about that.   Rolling shellcode from objects in...

Using Machine Learning to perfect SQL Injection https://portswigger.net/daily-swig/machine-learning-...

A very Interesting list of exploitable "features" in PDFs. https://web-in-security.blogspot.com/2021...

Breakdown of a malicious app that man-in-the-middled the Google Signin. https://blog.usejournal.com/...