In this detailed blog post, Lucas Cebrero Lell walks us through CSPT vulnerabilities and how valuable they are in order to exploit CSRF in apps which have moved away from the typical auth Cookies. There's also a Lab available in github based on React and Node which serves as a sample vulnerable app to try and exploit CSPT.
In4m is consoled based and summarizes front page hacker-related news from trusted sources (eg hackernews, watchtowr, bleeping computer, ...), showing only titles and links to the original article.
A checklist to help pentesters and auditors assess Self-Hosted GitLab instances. Checks include misconfigurations and weaknesses that could lead to privilege escalation and code or secrets theft/abuse. It's a first version focused on Authentication, CI/CD Runners, CI/CD Variables and Project configurations.
Bypassing of different Watermark implementations; including tricks related to Picture-In-Picture, erroneous assumptions at the time of enforcing client-side protections, and then HLS (HTTP Live Streaming) and ways to reassemble videos offline by looking into m3u8 playlists and encrypted video segments.
Available in GitHub at: https://github.com/kulkansecurity/mxchecksec