Understanding the Vulnerability ProfilePress, formerly WP User Avatar, a WordPress plugin installed on over 400,000 sites made it possible for an attacker to upload arbitrary files to a vulnerable site and register as an administrator on sites even if user…

It is not uncommon organizations to implement an internal certification authority in order to establish trust between entities (users, computers etc.) or utilize it for user authentication. Impleme…

While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against…

A Journey About Productizing Security

Even iPhones were vulnerable to the surveillance software, which appears to have been used against activists, journalists, and others.

When my wife and I were expecting our first child, a good baby monitor was one of the top items on our shopping list. Most of the available options of course now include Wi-Fi, a mobile app, and cloud integration. When we decided on the Motorola Halo+, I…

Looking at how to use real time kernel monitoring for shellcode detection. Alonso Candado discusses the challenges faced when trying to detect shellcode at runtime, usin the examples of hooking syscalls via hypervisor EPT feature and detecting shellcodes…

Today we have released the newest version of Kali Linux, 2021.3 (quarter #3), which is now ready for download or updating.
A summary of the changes since the 2021.2 release from June are:
OpenSSL - Wide compatibility by default - Keep reading for what that…

Overview
I was working on my OSEP certification when I was inspired to stop studying for a bit to deep-dive into malicious word documents. The OSEP certification inspired a lot of the content you&#03

Deployment of an Active Directory Certificate Services (AD CS) on a corporate environment could allow system administrators to utilize it for establishing trust between different directory objects.…

Deus x64 is an upcoming computer security and binary exploitation wargame by RET2 Systems