Introduction Rudroid - this might arguably be one of the worst Android emulators possible. In this blog, we’ll write an emulator that can run a ‘Hello World’ Android ELF binary. While doing this, we will learn how to go about writing our own emulators.
Writing…

Posted in r/netsec by u/hardenedvault • 2 points and 0 comments

You can't improve what you cannot measure, but measuring incorrectly can drive incentives in the wrong direction. Here's a hypothesis on "good" AppSec metrics and why they are so hard to measure.

RCE 0-day for GhostScript 9.50 - Payload generator - duc-nt/RCE-0-day-for-GhostScript-9.50

This post is about open redirect vulnerabilities; the story of three vulnerable websites, why it’s bad, and how to prevent and detect abuse. First, a primer…

Paving the way for 0days Dedicated to: Zix , who spent precious-time guiding me within the last two-months . Mohammed , Jalil , Zakariae ...

Templates are pre-formatted documents, which already contain certain information. A template engine is a specific kind of template processing module that exhibits all major features of a modern programming language. The developers make use of Template engines…

Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++. - GitHub - geemion/Khepri: Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang a...

Microsoft has detected multiple zero-day exploits on the on-premises version of the Microsoft Exchange Server (2013,2016, and 2019). Microsoft attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out…

JFrog security research team discovers new critical vulnerability (CVE-2021-40346) in HAProxy. The new vulnerability can be exploited for HTTP Request Smuggling attacks.

Picked up one of these a little while back at the behest of a good friend…

As I mentioned towards the end of my previous blog post, where I detailed running my blog on the PinePhone's GSM/WWAN/GPS modem, I suspected that the daemon ...

AWSXenos will list all the trust relationships in all the IAM roles, S3 buckets, and more - AirWalk-Digital/AWSXenos

Imagine: all the tanks of your army are made of cardboard. Now imagine that not only your tanks but also all your airforce is composed of paper planes and your navy of paper vessels. It would be a pretty bad situation, don’t you think?
While it sounds absurd…

Lacework Labs Team has observed a number of CVE 2021-26084 exploit attempts using the publicly available exploit code.

Contribute to justinsteven/advisories development by creating an account on GitHub.

(The making of a MySQL Canarytoken) tl;dr Consider this scenario: An industrious attacker lands on one of your servers and finds a 5MB MySQL dump file (say, called prod_primary.dump). What do they …

  In April 2021, I discovered a security flaw in Windows Recovery Environment Agent which allowed an unauthenticated attacker to gain elevat...

OWASP Top 10 2021 Draft

End of June 2021, Qrator Labs started to see signs of a new assaulting force on the Internet – a botnet of a new kind. That is a joint research we conducted together with Yandex to elaborate on the specifics of the DDoS attacks enabler emerging in almost…