CVE-2022–35412

Explore and run machine learning code with Kaggle Notebooks | Using data from CVE (Common Vulnerabilities and Exposures)

A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the…

Azure Site Recovery is a suite of tools aimed at providing disaster recovery services for cloud resources. It provides utilities for…

Cosign and Connaisseur allow us to secure the Kubernetes deployment with signature verification, ensures that our images do not change.

computers

Team Nautilus has recently discovered a vulnerability in Node.js that can lead to DLL hijacking on Windows via npm CLI if OpenSSL is installed on the host

During my early stages of employment at Gais Cyber Security in 2021, my manager had reached out to me over the phone and said with…

We’ve just released another open-source tool: pretender, a cross-platform tool to obtain a machine-in-the-middle position inside Windows networks in the spirit of Responder and mitm6. It implements local name resolution spoofing using the mDNS, …

We recently discovered a Prototype Pollution vulnerability in Blitz.js leading to Remote Code Execution. Learn about this bug class and how to avoid it in your code!

It's been more than six months since the Log4Shell vulnerability (CVE-2021-44228) was disclosed, and a number of post-mortems have come out talking about lessons learned and ways to prevent the next Log4Shell-type event from happening.

What happens when you run an executable on your Windows machine? This blog provides a brief overview and the flow for creating a Windows Process, the APIs and structures involved, and the Process Internals.

An analysis of a Denial Of Service vulnerability on the Apache Tomcat Cluster Service listener.

Offensive tooling built upon the .NET framework and its runtime environment, the Common Language Runtime (CLR), is an important part of…

Binary Ninja is a modern reverse engineering platform with a noscriptable and extensible decompiler.

Penetration testing identifies Tableau Server was vulnerable to reflected XSS which could lead to exposure of sensitive data.

In this blog we dive into compound identities, Azure Key Vault, JWT tokens and bound identities. For fun and to understand their inner workings.