Introduction

Research Team: Salman Qazi, Yoongu Kim, Nicolas Boichat, Eric Shiu & Mattias Nissler  Today, we are sharing details around our discovery of ...

This post will cover my review of the Offensive Security Enhanced Security

Five months before DarkSide attacked the Colonial pipeline, two researchers discovered a way to rescue its ransomware victims. Then an antivirus company’s announcement alerted the hackers.

An off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character (‘.’, 0x2E) out of bounds in a heap allocated buffer.

Posted in r/netsec by u/bigbottlequorn • 0 points and 0 comments

M1RACLES (CVE-2021-30747) is a covert channel vulnerability in the Apple Silicon “M1” chip.

A short guide on choosing a pentest service provider

Safari 14.1 shipped in late April with many new features, including its long-awaited implementation of AudioWorklets. Shortly after, a commit landed in WebKit, fixing an AudioWorklet bug which “crashes Safari”. As it turns out, this is an exploitable type…

Using CVE-2021-21551 as an example, learn how adversaries approach weaponizing vulnerabilities, and the technologies that work best to mitigate their tactics.

Socials Twitter: https://twitter.com/Mako_Sec GitHub: https://github.com/MakoSec
Materials Used x64 Debugger https://x64dbg.com/#start
Frida https://frida.re/
Sysinternals https://docs.microsoft.com/en-us/sysinternals/downloads/
Unhooking DLL…

Discord is the easiest way to communicate over voice, video, and text. Chat, hang out, and stay close with your friends and communities.

Introduction During a recent client engagement we discovered an argument injection vulnerability in certain configurations of Refinery CMS. Upon further investigation, it was understood that the root cause of this issue existed in the Ruby Gem Dragonfly,…

Last year our team had to analyze V8 bytecode. Back then, there were no tools in place to decompile such code and facilitate convenient navigation over it. We decided to try writing a processor module for the Ghidra framework. Thanks to the features of the…

Encryption tool that's heavily inspired by the Rubberhose file system (https://en.wikipedia.org/wiki/Rubberhose_(file_system)). - GitHub - Cookie04DE/Sekura: Encryption tool that's ...

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

Join the journey into Plone CMS that lead us to discover an authenticated RCE vulnerability

Six months ago the UK’s Glastonbury Town Council set up a 5g Advisory Committee to explore the safety of the technology, and last month the local paper reported their findings. […]