Introduction Our Web Security Academy has a topic on dangling markup injection - a technique for exploiting sites protected by CSP. But something interesting happened when we came to update to Chrome

Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/06/14/index.html We did a quick analysis of this ...

In this post, we attack the Nest Hub (2nd Gen), an always-connected smart home display from Google, in order to boot a custom OS. First, we explore both hardware and software attack surface in search of security vulnerabilities that could permit arbitrary…

A comprehensive guide to MikroTik internals, including IPC, hand-rolled cryptography, and a novel post-authentication jailbreak

disclaimer: these post series are just for fun and should not be readed by anyone

Volexity frequently works with individuals and organizations heavily targeted by sophisticated, motivated, and well-equipped threat actors from around the world. Some of these individuals or organizations are attacked infrequently or […]

Learn more about a potentially harmful Office 365 functionality that allows ransomware to encrypt files stored on SharePoint and OneDrive. Read more with Proofpoint.

Persistence, lateral movement

VED - Linux kernel threat detection and prevention system LKM version of VED goes public finally.

Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/04/19/index2.html We did a quick analysis of this...

In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Android devices…

In April of this year, FreeBSD patched a 13-year-old heap overflow in the Wi-Fi stack that could allow network-adjacent attackers to execute arbitrary code on affected installations of FreeBSD Kernel. This bug was originally reported to the ZDI program by…

On January 11, 2022, we published a blog post describing the details of CVE-2022-21893, a Remote Desktop vulnerability that we found and reported to Microsoft. After analyzing the patch that fixed...

In early February 2022, we came across a tweet from ShadowChasing1 identifying a SideWinder-related word document which referenced a template URL. In this article, we share our insights from…

The attack comprises of performing command injection vulnerability in Lambda Functions in order to steal the AWS keys and access AWS resources as the stolen keys of the IAM role.

Technical analysis of the Matanbuchus malware with focus on network traffic and commands

Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/06/16/index.html We did a quick analysis of this ...

The mobile banking malware BRATA keeps evolving into an APT. Read here the new Technical Report, which explains in detail how it monitors banks' account and how to prevent it.