Introduction Last year, I blogged about Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion. In that part 1 post, we covered: The purpose of .NET Usage Logs and when they are crea…

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests. - GitHub - blst-secu...

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments.

On March 2nd, I reported several security vulnerabilities to VMWare impacting their Identity Access Management (IAM) solution. In this blog post I will discu...

We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.

The increased importance of the cloud and identity is not lost on attackers. To simulate adversary tradecraft, Red teams must be able to evolve offensive techniques against cloud identity systems. Cloud defenders must adapt quickly to understand these same…

It pays to centralize management of the tools, methods, and credentials used to access apps, services, and all other parts of the IT ecosystem.

We have no evidence that this incident involved any access to customer data or encrypted password vaults. Our products and services are operating normally.

Authors: Raffaele Forte, BackBox Team

When testing APIs with short-lived authentication tokens, it can be frustrating to login every few minutes, taking up a consultant's time with an unnecessary cut+paste task — As well as introducing the possibility for human error in copying across the token…

1. Introduction to Advanced Analytic Environment

Open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS - GitHub - matanolabs/matan...

Microsoft, in conjuncture with partners in the PC ecosystem, has developed a set of capabilities and new operating environment conditions for UEFI based systems.  This environment will leverage common, architecturally defined mitigations to improve the device…

The Elastic Container Project provides a single shell noscript that will allow you to stand up and manage an entire Elastic Stack using Docker. This open source project enables rapid deployment for testing use cases.

Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attac...

Recently, I participated in the GitHub Bug Bounty program (run through HackerOne). This is a writeup of a command injection bug I discovered in GitHub Pages build process.

Remote code execution vulnerability found by JFrog Security Research, exploiting an Info Leak and Heap Overflow on UA’s C++ OPC demo server.

Nmap's XML result parse and NVD's CPE correlation to search CVE. - GitHub - CoolerVoid/Vision2: Nmap's XML result parse and NVD's CPE correlation to search CVE.