| Oops I UDL'd it Again |
|
|
|
| CVE-2024-38428 Wget Vulnerability: All you need to know |
|
|
|
| Exploring Anti-Phishing Measures in Microsoft 365 |
|
|
|
| Fickle PDFs: exploiting browser rendering discrepancies |
|
|
|
| Old new email attacks |
|
|
|
| Arbitrary 1-click Azure tenant takeover via MS application |
|
|
|
| Kobold Letters - Why HTML emails are a risk to your organization |
|
|
|
| Device Code Phishing – Add Your Own Sign-In Methods on Entra ID |
|
|
|
| Calling Home, Get Your Callbacks Through RBI |
|
|
|
| Weird bug to steal users credentials |
|
|
|
| Spamming Microsoft 365 Like It’s 1995 |
|
|
|
| EvilSln: Don't open .sln files |
|
|
|
| Leveraging VSCode Extensions for Initial Access |
|
|
|
| Phishing the anti-phishers: Exploiting anti-phishing tools for internal access |
|
|
|
| Hook, Line, and Phishlet: Conquering AD FS with Evilginx |
|
|
|
| “PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing Facebook Accounts In-The-Wild |
|
|
|
| Modeling Malicious Code: Hacking In 3D |
|
|
|
| Less SmartScreen More Caffeine: (Ab)Using ClickOnce for Trusted Code Execution |
|
|
|
| Arbitrary email forgery in Webflow |
|
|
|
| Attacking Visual Studio for Initial Access |
|
|
|
| CrossTalk and Secret Agent: Two Attack Vectors on Okta's Identity Suite |
|
|
|
| Exploiting Application Logic to Phish Internal Mailing Lists |
|
|
|
| discord.exe – Improper Input Validation |
|
|
|
| Hacking Smartwatches for Spear Phishing |
|
|
|
| How Sigstore quickly patched an upstream vulnerability |
|
|
|
writeups.xyz
/
Phishing