Microsoft, in conjuncture with partners in the PC ecosystem, has developed a set of capabilities and new operating environment conditions for UEFI based systems.  This environment will leverage common, architecturally defined mitigations to improve the device…

The Elastic Container Project provides a single shell noscript that will allow you to stand up and manage an entire Elastic Stack using Docker. This open source project enables rapid deployment for testing use cases.

Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attac...

Recently, I participated in the GitHub Bug Bounty program (run through HackerOne). This is a writeup of a command injection bug I discovered in GitHub Pages build process.

Remote code execution vulnerability found by JFrog Security Research, exploiting an Info Leak and Heap Overflow on UA’s C++ OPC demo server.

Nmap's XML result parse and NVD's CPE correlation to search CVE. - GitHub - CoolerVoid/Vision2: Nmap's XML result parse and NVD's CPE correlation to search CVE.

Early this year we had the opportunity to pentest Watchguard firewalls (XTM, Firebox) for a red team engagement. This blogpost will follow the journey in which I discover 5 vulnerabilities - 2 patched along the way - and build 8 distinct exploits, and finally…

This first blog post introduces the RASP checks used in SingPass

Abuse the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javanoscript code. - GitHub - evilsocket/jscythe: Abuse the node.js inspector mechan...

Please read This is a work in progress article that will receive updates as we continue publishing detailed walkthroughs for each level.
Ethernaut is OpenZeppelin Web3/Solidity based wargame to learn about Ethereum smart contract security and become familiar…

BGP hijacking

Introduction It’s that time of year again - the Binary Golf Grand Prix is back for a third year running! You can also check out my entries to the first and second times this amazing competition ran.
The theme this year was to produce a binary that crashes…

At BSides Atlanta I gave a talk on how to handle an incident in AWS. The talk and this post is intended to help those already familiar with the principles of Incident Response to understand what to do when the incident involves the AWS Control Plane.

CVE-2022-26113: Arbitrary file write as SYSTEM in Fortinet VPN, with privilege escalation implications.

Convenience tool for hashcat . Contribute to SySS-Research/hashcathelper development by creating an account on GitHub.

Introduction & Motivation Windows Sandbox is a feature that Microsoft added to Windows back in May 2019. As Microsoft puts it: Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the…

it is very good. Contribute to ps1337/reinschauer development by creating an account on GitHub.

The Strengths and Weaknesses of a Technique-centric Purple Teaming Approach