The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as…

Team Nautilus found that many tokens of Travis CI users are exposed via an issue in its API which allows attackers to launch massive attacks in the cloud

Warning: this post is just for fun x-)

Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/04/04/index.html We did a quick analysis of this ...

Application security issues found by Assetnote

In my previous blog post (here), I described a technique to extract sensitive data (passwords, cookies) directly from the memory of a Chromium-based browser’s [CBB] process. Google’s response to...

🐾Dogwalk PoC (using diagcab file to obtain RCE on windows) - GitHub - ariary/DogWalk-rce-poc: 🐾Dogwalk PoC (using diagcab file to obtain RCE on windows)

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.

CVE-2022-25845 has a high potential impact but conditions for attack are not trivial. Read technical analysis and mitigation guidance of the Fastjson RCE vulnerability

Securing SSH is one of the main controls of CIS Benchmark, but what are the real threats to ssh exposure? Brute force, credential leaks, ...

This document describes a system for the forwarding of encrypted HTTP messages.
This allows a client to make multiple requests of a server without the server being able
to link those requests to the client or to identify the requests as having come
from the…

Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86

Preboot passwords are important when using BitLocker to prevent all kinds of attacks. One of those attacks is the ability to sniff the TPM chip communication and recover the decryption key. This article shows you how to attack Linux disk encryption and provides…

Introduction Our Web Security Academy has a topic on dangling markup injection - a technique for exploiting sites protected by CSP. But something interesting happened when we came to update to Chrome

Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/06/14/index.html We did a quick analysis of this ...

In this post, we attack the Nest Hub (2nd Gen), an always-connected smart home display from Google, in order to boot a custom OS. First, we explore both hardware and software attack surface in search of security vulnerabilities that could permit arbitrary…

A comprehensive guide to MikroTik internals, including IPC, hand-rolled cryptography, and a novel post-authentication jailbreak

disclaimer: these post series are just for fun and should not be readed by anyone

Volexity frequently works with individuals and organizations heavily targeted by sophisticated, motivated, and well-equipped threat actors from around the world. Some of these individuals or organizations are attacked infrequently or […]

Learn more about a potentially harmful Office 365 functionality that allows ransomware to encrypt files stored on SharePoint and OneDrive. Read more with Proofpoint.