Insider threats are one of the most difficult risks for security teams to manage because most employees require some level of trust and privileges to perform their roles. Managing this risk involves detecting and containing the undesirable behavior of trusted…

Mara is a userland pty/tty sniffer. Contribute to io-tl/Mara development by creating an account on GitHub.

We developed a robust detection method in Microsoft Defender for Endpoint that can catch known and unknown variations of a process execution class used by attackers to evade detection. This class of stealthy execution techniques include process doppelganging…

Introduction In part three of this series, we will analyse Brute Ratel, a command and control framework developed by Dark Vortex. As the C2 is lesser known, we can see...

Beside bug fixes this release introduces many new features and it was so much fun working on it. We think this release is very beautiful and we are really proud of it! You are invited to celebrate ...

On Tuesday, December 7th 2021 I discovered a critical vulnerability in Cloudflare’s Email Routing service. This vulnerabilty enabled anyone to modify the routing configuration of any domain using the service. A bad actor could have overwritten the destination…

Identity and Access Management has always been a major area of concern and focus for organizations, across all the different systems in the estate, including source control management systems (SCM), and specifically GitHub. Organizations spend a great deal…

A tool to take domains from stdin and output to stdout if have at least one IP address associated with the selected country.

Paranoid's library contains implementations of checks for well known weaknesses on cryptographic artifacts. - google/paranoid_crypto

Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made w...

Akamai researchers have analyzed ASNs to determine some shocking stats about the state of malicious IPs and where they are from.

Last months I’ve been working on a new project called didsomeoneclone.me. Last years I’ve been analyzing many phishing websites for fun. During those analysi...

In researching the mystery surrounding alleged exploitation in the wild of CVE-2020-2509, we found what make be an entirely new vulnerability.

A new version of Certipy has been released along with a forked BloodHound GUI that has PKI support! In this blog post, we will look at…

GLUFS allows you to automate the tedious process of finding leaks using format string vulnerabilities. - Diego-AltF4/GLUFS

In reading Yan Zhu’s excellent write-up of the JSON CSRF vulnerability she found in OkCupid one thing puzzled me: I was under the impression that browsers these days default to …

A brief guide to this helpful feature