Remote Code Execution in extension pages is actually hard to achieve. We’ll produce a vulnerable extension nevertheless and look into how it can be exploited.

Website

A Poc on blocking Procmon from monitoring network events - GitHub - NUL0x4C/EtwSessionHijacking: A Poc on blocking Procmon from monitoring network events

Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).

Open Source EDR for Windows. Contribute to 0xrawsec/whids development by creating an account on GitHub.

Introduction Last year, I blogged about Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion. In that part 1 post, we covered: The purpose of .NET Usage Logs and when they are crea…

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests. - GitHub - blst-secu...

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments.

On March 2nd, I reported several security vulnerabilities to VMWare impacting their Identity Access Management (IAM) solution. In this blog post I will discu...

We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.

The increased importance of the cloud and identity is not lost on attackers. To simulate adversary tradecraft, Red teams must be able to evolve offensive techniques against cloud identity systems. Cloud defenders must adapt quickly to understand these same…

It pays to centralize management of the tools, methods, and credentials used to access apps, services, and all other parts of the IT ecosystem.

We have no evidence that this incident involved any access to customer data or encrypted password vaults. Our products and services are operating normally.

Authors: Raffaele Forte, BackBox Team

When testing APIs with short-lived authentication tokens, it can be frustrating to login every few minutes, taking up a consultant's time with an unnecessary cut+paste task — As well as introducing the possibility for human error in copying across the token…

1. Introduction to Advanced Analytic Environment

Open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS - GitHub - matanolabs/matan...

Microsoft, in conjuncture with partners in the PC ecosystem, has developed a set of capabilities and new operating environment conditions for UEFI based systems.  This environment will leverage common, architecturally defined mitigations to improve the device…