BONOMEN - Hunt for Malware Critical Process Impersonation - 0xcpu/bonomen

I found this one completely by chance; I was messing around with the server’s Diffie-Hellman parameters (typical Saturday evening) and to my surprise it crashed the OpenSSL 1.1.0 client. Even…

In this paper I will present an elegant technique (it’s my opinion, indeed) to get shell access to a vulnerable remote machine. It is not my own technique but I found it very interesting. The focus of this paper is on this technique and not in the way to…

The ransomware-as-a-service (RaaS) model has been around for many years, but lately, the groups behind such services are targeting regular users to distribute ransomware for their profit. Sites such as Satan RaaS enable non-technical users to create their…

Due to not proper transfer functionality implementation attacker can produce round error issue. In other words - "make money".

In December 2015, I found a critical vulnerability in one of PayPal business websites ( manager.paypal.com ). It allowed me to exe...

Google's Project Zero team Discloses zero-day Windows GDI library Vulnerability That Microsoft Fails To Patch in 90 days

The USBKill, or USB Killer is a device used by pentesters, industrial clients and law-enforcement world-wide to perform security checks against power surge attacks on USB ports. USBKill.com is manufacturer of the USB Kill device, USBKill Shield - which defends…

# Vulnerability details
The project export feature serializes the user objects of team members and stores it in the `project.json` file. This object contains the `authentication_token` for every...

# Vulnerability details
The project export feature serializes the user objects of team members and stores it in the `project.json` file. This object contains the `authentication_token` for every...

Privilege escalation, in the traditional sense, is “a type of network intrusion that takes advantage of programming errors or design flaws…