OpenClaw is an open source AI assistant that runs on your machine and connects to chat apps like Telegram, Discord, and Slack. It is useful because it collapses message intake, web access, tool invocation, and stored authority into one runtime. These features make it a very inviting application however that is also the core danger.
How to use Evilginx 3 with Custom Certificates
Two ways to use Evilginx 3 community edition with custom (even wildcard) certificates.
Last year, I conducted a phishing campaign as part of a red team assessment. Let me share what I learned about SPAM filters. I also had access to the internal mailing system, allowing me to test my theories on the target.
Stealthier than Nmap: ShadowProbe
ShadowProbe is a custom-made, TCP-only port scanner designed for multiple targets, featuring an inbuilt scheduler. It is a tool intended to run for days or even weeks once started.
LegolAD is an enumeration tool that allows configurable network traffic for LDAP requests in Active Directory. It can be configured for scope, pagination, and jitter. The idea behind it was to evade detection by custom monitoring systems.
In this article, we’ll explore the different types of penetration tests—compliance-driven, penetration testing as a service (PTaaS), and threat-led testing. We’ll discuss when and why each type is necessary, who benefits from them, and how to determine the best option for your organization’s specific security needs.
AIMS eCrew Authorization Bypass (CVE-2024-44450)
Access control vulnerabilities are still the most common problems in web applications. This blog post summarizes several access control issues we found in our target web application.
Email remains the primary attack vector for phishing and ransomware, making robust authentication essential for protecting organizations. This article introduces SPF, DKIM, and DMARC—three key technologies that help verify sender identity, prevent spoofing, and enhance email security.
Configuring Burp Suite for Testing Vaadin-based Applications
Vaadin-based applications rely on synchronization values to maintain UI state. During security testing, missing or incorrect values can terminate sessions, making automated scans ineffective. This article explores how to navigate these challenges using Burp Suite.