A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name.

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

The story of REstringer - a new open source Javanoscript deobfuscator.

Investigating and recovering a compromised Linode server running WordPress and latest Ubuntu.

A few days ago, an issue was opened for PPLdump on GitHub, stating that it no longer worked on Windows 10 21H2 Build 19044.1826. I was skeptical at first so I fired up a new VM and started investigating. Here is what I found…

RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows - GitHub - last-byte/RIPPL: RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processe...

Cobalt Strike is one of the most popular command-and-control frameworks, favoured by red teams and threat actors alike. In this blog post we will discuss strategies that can be used...

The following vulnerabilities were found as part of a research project looking at the state of security of the different Nuki (smart lock) products. The main goal was to look for vulnerabilities which could affect to the availability, integrity or confidentiality…

Next-gen open source framework for the security of everything

Technical analysis of the SVCReady, Gozi and IcedID attack chain

Claroty Team82 has disclosed security vulnerabilities in Filewave MDM that enable remote code execution on managed devices.

1. Introduction Hypervisor was known as hard target to fuzz over several years. Even though, lots of prior pioneers( Peter Hlavaty, Chaitin Tech, StarLabs, Peleg Hadar and Ophir Harpaz and many others ) doing amazing work to overcome this limit and found…

Windows Oracle Database Attack Toolkit. Contribute to InitRoot/wodat development by creating an account on GitHub.

Hi everyone! Here suffering (again) the high temperatures and hoping winter to come back again.

A few months ago, new firmware […]

A few weeks ago, version 2.

Breach and Attack Simulation (BAS) also known as Adversary Simulation is an emerging IT security technology equipping the proactive approach to the way we look at organizational security. Open-source BAS tools like Caldera and Atomic Red Team are utilised…

Attackers are increasingly leveraging managed IIS extensions as covert backdoors into servers, providing a durable persistence mechanism for attacks.

This post discusses the process of searching top GitHub projects for mass assignment vulnerabilities. This led to a fun finding in the #1 most starred GitHub project, freeCodeCamp, where I was able to acquire every coding certification – supposedly representing…

An in-depth analysis of Matanbuchus loader’s tricks and loading techniques Matanbuchus is a Malware-as-a-Service loader that has been sold on underground markets for more than one year....