- Holiday Hack Challenge 2015 Complete Writeup
- Qualys OpenSSH Client Roaming (CVE-2016-0777 and CVE-2016-0778)
- TrendMicro node.js HTTP server listening on localhost can execute commands
- Java Deserialization: Vulnerabilities in JBoss, Jenkins, etc.
- Java Deserialization: Automating the hunt
- Java Deserialization: Paypal RCE
- Rails Dynamic Render to RCE (CVE-2016-0752)
- Attack Methods for Gaining Domain Admin Rights in Active Directory
- On The Design and Implementation of a Stealth Backdoor for Web Applications
- RCE on Android < 4.2 via
- Windows 10 Privilege Escalation via Dolby's DAX2 API Service
- Alex Dergachev: Why You Can't Un-Root a Compromised Machine
- How to use setuid to install a root backdoor.
- Introduction to Lobotomy: Part 1, Part 2
- Lobotomy is an Android security toolkit.
- joelpx / reverse
- Binary disassembler that generates indented pseudo-C with colored syntax code.
- montyly / gueb
- Static analyzer that performs use-after-free detection on binaries.
- Hot Potato - Windows Privilege Escalation
- Hot Potato (aka: Potato) takes advantage of known issues in Windows to gain local privilege escalation in default configurations, namely NTLM relay (specifically HTTP->SMB relay) and NBNS spoofing.
- SuperSerial: Passive and Active
- Automates identification of Java deserialization issues.
- From F to A+: Getting Good Grades on Website Security Evaluations
- Info on security headers (e.g. CSP, HSTS, HPKP) and implementation.
- Strong Ciphers for Apache, nginx and Lighttpd.
- Server World
- Guides on configuring servers for various Linux distros.
- Learn X in Y Minutes: Scenic Programming Language Tours
- Signs that you're a bad programmer
- Signs that you're a good programmer