Exploit Title: Wordpress Plugin Participants Database < 1.7.5.10 - XSS Google Dork: inurl:wp-content/plugins/participants-database/ Date: 01-Sep-17 Exploit Author: Benjamin Lim Vendor Homepage: https://xnau.com/ Software Link: https://wordpress.org/plugins/participants-database/ Version: 1.7.5.9 Tested on: Kali Linux 2.0 CVE : CVE-2017-14126 1. Product ...

Having passed my OSCP exam last week, I thought it would be good for me to share my thoughts with OSCP aspirants out there. A little bit on my background first. I have a bachelors degree in computing specialising in information security and have worked as a network pen tester ...

Enumerating sites which are hosted on the same IP address can sometimes tell us a lot about a server. Is it shared hosting? Is it a legitimate server which was compromised for C2 operations? Does the site owner have any other shady business dealings on the side? I am aware ...

Recently, Burger King took out a TV advert and used Google voice assistant's "OK google" command to make devices read out a paragraph on the whopper burger. While most news reports take a rather cavalier attitude, treating it as a prank, this is actually remote command execution. The attacker ...

DarkTrace is "led by leading government cyber intelligence officials from MI5, NSA and the CIA." Hmm... He also seems to have no idea that he has been trolled.

Have you ever wondered how old is the average BMT recruit? How many are new citizens? The article will explore a dataset of 3287 recruits from the 01/17 batch and present both facts as well as conjectures which I made. In the dataset, there are a total of 4534 ...