Awesome paper presented in France covering XXE - really good research. Worth a read.
https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation
Those who have taken my training know how I talk about protecting the soft meaty middle - well, Slack is proving that user accounts are the gift that keeps on giving. They reset passwords - from a breach 4 years ago.
https://thehackernews.com/2019/07/slack-password-data-breach.html
https://www.theregister.co.uk/2019/07/19/2015_database_hack_slack/
Really neat tool for hooking executables in Windows. I tried it; it's super neat.
https://github.com/everdox/InfinityHook
Here's an I-wish-it-was-an-OWASP-project example. Tons of research on command injection.
https://hackersonlineclub.com/command-injection-cheatsheet/
That's the news, folks. Stay safe out there.