Contribute to chip-red-pill/MicrocodeDecryptor development by creating an account on GitHub.

Note: The objective of this research or any similar researches is to improve the nodejs ecosystem security level.
Recently i was working on a related project using one of the most popular Nodejs templating engines Embedded JavaScript templates - EJS
In my…

About This Blog Post This blog post is a technical report of a presentation that I presented on June 10, 2022 for the second task of my Mobile Security course. I decided to investigate how WhatsApp backs up messages to the cloud with the “end-to-end encrypted…

This write-up is part 1 of a series of write-ups about the 5 vulnerabilities we demonstrated last April at Pwn2Own Miami. This is the write-up for the Trusted Application Check Bypass in the OPC Foundation’s OPC UA .NET Standard.

NOTE: parts of this article describe steps by which the order of encryption methods are reversed to render encrypted data in clear-text. This was done in order to investigate the app being discusse…

Microsoft’s Azure Arc is a management platform designed to bridge multi-cloud and similarly mixed environments together in a convenient…

a sample security tool testing procedure

Posted by Matthew Maurer and Mike Yu, Android team To help keep Android users’ DNS queries private, Android supports encrypted DNS. I...

RandoriSec Offensive Security

Multiple Vulnerabilities have been disclosed in Atlassian Products. A hardcoded credential vulnerability in Questions for Confluence, and Servlet Filter Bypass Vulnerabilities have been found in multiple Atlassian products that may enable Authentication Bypasses…

Upon searching for Django web applications with enabled Debug Mode on Criminal IP (https://www.criminalip.io/), Database (hereinafter referred to as DB) accounts information and API Keys of more than 3,100 applications were found to be exposed on the internet.…

The first bd-j hack. Contribute to TheOfficialFloW/bd-jb development by creating an account on GitHub.

Posted in r/netsec by u/Individual_Power_489 • 10 points and 1 comment

We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode…

At the beginning of this month, GitLab released a security patch for versions 14->15. Interestingly in the advisory, there was a mention of a post-auth RCE bug with CVSS 9.9.
The bug exists in GitLab’s Project Imports feature, which was found by @vakzz. Incidentally…

Our first post in the Firmware Developers Need To Know blog series, Episode I: The Last Error, pointed out the benefits of adopting clean error codes. And

vSMTP : a next-gen mail transfer agent (MTA) written in Rust. Faster and Greener. - GitHub - viridIT/vSMTP: vSMTP : a next-gen mail transfer agent (MTA) written in Rust. Faster and Greener.

Introduction Its no secret that MDSec provides a commercial command-and-control framework with a focus on evasion for covert operations. With this in mind, we are continuously performing on-going R&D in...

A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name.