TLDR I was unable to find some good writeups/blogposts on Windows user mode heap exploitation which inspired me to write an introductory but practical post on Windows heap internals and exploitati

The HydraPWK project's latest Apes-T1 snapshot refines its penetration-testing Linux distribution by replacing Elasticsearch with the open-source OpenSearch, resolving licensing issues and enhancing tools for industrial security assessments.

In JPCERT/CC Eyes, we previously reporte...

Anti Virtulization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package. Windows ONLY. - EvilBytecode/GoDefender

...re-discovering Heaven's Gate on ARM

Introduction

Recently, I developed a PoC AV/EDR Framework, called Inceptor. More information about the tool can be found in the repository itself, and in the accompanying blog post.

Recently, I got my hands on a hardware wallet that features iris recognition as a selling point. The novelty of the iris component sparked my curiosity, so I decided to take a deep dive into its implementation. Since the wallet’s hardware and software design…

How I reverse engineered an ESP32-based smart home device to gain remote control access and integrate it with Home Assistant.

IntroductionIn October 2024, InfoSect participated in Pwn2Own – a bug bounty competition against embedded devices such as cameras, NAS’, and smart speakers. In this blog, I’ll dis…

In this blog post, we document Linux process injection techniques, and explain how to detect and mitigate them.

Awesome-Cellular-Hacking. Contribute to W00t3k/Awesome-Cellular-Hacking development by creating an account on GitHub.

List of awesome reverse engineering resources. Contribute to wtsxDev/reverse-engineering development by creating an account on GitHub.

Let’s explore ways to mod a Tapo C200 Rev.5 firmware in order to gain root access to a running device.

A comprehensive guide to advanced memory debugging techniques in C, exploring Valgrind, AddressSanitizer, and other tools for detecting memory errors and optimizing memory usage.

The Splunk Threat Research Team breaks down the NotDoor Outlook-macro backdoor linked to APT28 and shows how to detect these stealthy techniques to strengthen security coverage.

The Nokia Beacon 1 proved to be an interesting journey covering the full spectrum of techniques from hardware debug interfaces to firmware extraction and finally both static and dynamic analysis. I was rewarded with interesting findings including a (now-patched)…