I’m building an open-source USB drive with a hidden self-destruct feature. Say goodbye to your data if you don’t lick your fingers before plugging it

Team82 discloses details on vulnerabilities in Dataprobe iBoot-PDUs that expose power distribution units to remote code execution.

Before it was patched, #AttachMe could have allowed attackers to access and modify any other users' OCI storage volumes without authorization, thereby violating cloud isolation. Upon disclosure, the vulnerability was fixed within hours by Oracle. No customer…

Binary Golf Grand Prix. Contribute to netspooky/BGGP development by creating an account on GitHub.

TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.

Follow Us Down The Rabbit Hole The security summit for researchers / by researchers It’s time to declare your intent. December 18 • Tel Aviv Zappa MidTown, Derech Menachem Begin 144 REGISTER We have full house. Registration is closed. Researchers are coming…

Contribute to 3xp0rt/LockBit-Black-Builder development by creating an account on GitHub.

Huge thanks to Yaron Avital, Tyler Welton and Daniel Krivelevich for their contribution to this research. Intro As adoption of CI systems and processes becomes more prevalent, organizations opt for a CI/CD architecture which combines SaaS-based source control…

We recently discovered several vulnerabilities in OneDev 7.2.9 that allowed attackers to fully compromise a server and even break out of a Docker environment.

Well, it’s been a long time ago since our beloved JuicyPotato has been published. Meantime things changed and got fixed (backported also to Win10 1803/Server2016) leading to the glorious end …

Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique - GitHub - D1rkMtr/FilelessRemotePE: Loading Fileless Remote PE...

Every week, almost without fail, I come across one thing that confuses, entertains, or most commonly infuriates me. I’ve decided to keep a…

Every week, almost without fail, I come across one thing that confuses, entertains, or most commonly infuriates me. I’ve decided to keep a…

Application security issues found by Assetnote

On August 24th, 2022, we reported a vulnerability to Netlify affecting their Next.js "netlify-ipx" repository which would allow an attacker to achieve persistent cross-site noscripting...

Understanding the operation and limitations of Sysmon's first preventive mechanism: the FileBlockExecutable event.

We take a deep dive into Roshtyak, the DLL backdoor payload associated with Raspberry Robin. Roshtyak is full of anti-analysis tricks. Some are well-known, and some we have never seen before. From a technical perspective, the lengths Roshtyak takes to protect…

HTTP header injection is often under-estimated and misclassified as a moderate severity flaw equivalent to XSS or worse, Open Redirection. In this post, I'll share a simple technique I used to take a

A string of recent attacks has made it clear that ‘classic’ ways of doing MFA are not sufficient. This guide provides instructions for setting up a MacBook Pro’s Touch ID fingerpr…