1. Introduction Hypervisor was known as hard target to fuzz over several years. Even though, lots of prior pioneers( Peter Hlavaty, Chaitin Tech, StarLabs, Peleg Hadar and Ophir Harpaz and many others ) doing amazing work to overcome this limit and found…

Windows Oracle Database Attack Toolkit. Contribute to InitRoot/wodat development by creating an account on GitHub.

Hi everyone! Here suffering (again) the high temperatures and hoping winter to come back again.

A few months ago, new firmware […]

A few weeks ago, version 2.

Breach and Attack Simulation (BAS) also known as Adversary Simulation is an emerging IT security technology equipping the proactive approach to the way we look at organizational security. Open-source BAS tools like Caldera and Atomic Red Team are utilised…

Attackers are increasingly leveraging managed IIS extensions as covert backdoors into servers, providing a durable persistence mechanism for attacks.

This post discusses the process of searching top GitHub projects for mass assignment vulnerabilities. This led to a fun finding in the #1 most starred GitHub project, freeCodeCamp, where I was able to acquire every coding certification – supposedly representing…

An in-depth analysis of Matanbuchus loader’s tricks and loading techniques Matanbuchus is a Malware-as-a-Service loader that has been sold on underground markets for more than one year....

MSTIC and MSRC disclose technical details of a private-sector offensive actor (PSOA) tracked as KNOTWEED using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European…

Strenum is a game changer, but don't take our word for it - try it out!

In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights…

This articles explains how the WordPress JSON API and XMLRPC can be used to attack WordPress website using Brute Force techniques.

Spear phishing is a social engineering activity intended to simulate a realistic attack scenario with the intent of bypassing technical security controls and persuading employees to perform various actions.

TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.

Contribute to mandiant/Azure_Workshop development by creating an account on GitHub.