CVE-2022-26113: Arbitrary file write as SYSTEM in Fortinet VPN, with privilege escalation implications.

Convenience tool for hashcat . Contribute to SySS-Research/hashcathelper development by creating an account on GitHub.

Introduction & Motivation Windows Sandbox is a feature that Microsoft added to Windows back in May 2019. As Microsoft puts it: Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the…

it is very good. Contribute to ps1337/reinschauer development by creating an account on GitHub.

The Strengths and Weaknesses of a Technique-centric Purple Teaming Approach

Galois is open-sourcing MATE, a suite of tools for interactive program analysis with a focus on hunting for bugs in C and C++ code. MATE unifies application-specific and low-level vulnerability analysis using code property graphs (CPGs), enabling the discovery…

OpenSSL engine for use with SymCrypt cryptographic library - GitHub - microsoft/SymCrypt-OpenSSL: OpenSSL engine for use with SymCrypt cryptographic library

Posted by Francis Perron, Open Source Security Technical Program Manager, and Krzysztof Kotowicz, Information Security Engineer  Today, we a...

Join us on a threat analysis journey as we discover a very shady Python—and a very friendly RAT.

Overcoming version hurdles to perform an NTLM downgrade attack and obtain an NTLMv1 hash from a target computer during our ADFS research.

CVE-2021-38297 allows attackers to override an entire Wasm module & achieve WebAssembly code execution. Read technical analysis & mitigation from JFrog Security research >

GitHub officially recommends using GitHub Apps when integrating with GitHub, as they are easy to build and enjoy a rich and extensive API.  Most of us GitHub users have probably installed at least a few GitHub Apps, but have you ever stopped and wondered…

Posted by Pedro Barbosa, Security Engineer, and  Daniel Bleichenbacher, Software Engineer Paranoid is a project to detect well-known weaknes...

Security challenges

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all…

Educational, CTF-styled labs for individuals interested in Memory Forensics - GitHub - stuxnet999/MemLabs: Educational, CTF-styled labs for individuals interested in Memory Forensics

Microsoft discovered a high-severity vulnerability in the TikTok Android application, now identified as CVE-2022-28799 and fixed by TikTok, which could have allowed attackers to compromise users' accounts with a single click.

In this blog post, we'll deep-dive into Linux Audit Framework.

Introduction Its no secret that MDSec provides a commercial command-and-control framework with a focus on evasion for covert operations. With this in mind, we are continuously performing on-going R&D in...

Introduction netlink and nf_tables Overview Sets Expressions Set Expressions Stateful Expressions Expressions of Interest nft_lookup nft_dynset nft_connlimit Vulnerability Discovery CVE-2022-32250 …