PoC for a new sleep obfuscation technique leveraging waitable timers to evade memory scanners. - GitHub - Idov31/Cronos: PoC for a new sleep obfuscation technique leveraging waitable timers to evad...

Static analysis tool based on clang, which detects source-to-binary information leaks in C and C++ projects - GitHub - ergrelet/cpplumber: Static analysis tool based on clang, which detects source-...

On August 9, the @GoogleVRP Twitter account as well as multiple Googlers started teasing an event with a link to a login page as well as a video. This small post exlains how to get the password and what it reveals.

Shift + F10 bypass and privilege escalation

Your password strength is influenced by where you live. Understand which macrosocial factors influence your password selection strategies in this article.

This post introduces Vultron, a protocol for multi-party coordinated vulnerability disclosure (MPCVD).

The Memory Process File System. Contribute to ufrisk/MemProcFS development by creating an account on GitHub.

MD5-Monomorphic Shellcode Packer - all payloads have the same MD5 hash - GitHub - DavidBuchanan314/monomorph: MD5-Monomorphic Shellcode Packer - all payloads have the same MD5 hash

How can you share data securely via the web browser, using a third-party server? In this article, I explain how I created a end-to-end encrypted note sharing service called Noteshare.space, how the security mechanism works, and how to securely encode decryption…

My dear Bagginses and Boffins, Tooks and Brandybucks, Grubbs, Chubbs, Hornblowers, Bolgers, Bracegirdles and Proudfoots - it is time for some new shit.
We are going to explore the wonderful world of Active Directory Certificate Services, aka ADCS.
If you…

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

Detecting and Mitigating the GateKeeper User Override on macOS in an Enterprise Environment

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team! - GitHub - punk-security/dnsReaper: dnsReaper - subdomain takeover tool for attackers, bug bounty hunters an...

In this blog post, the main difference between signature-based and behavior-based Detections are explained. In addition, examples are shown with respective D...

Ken Thompson's "Trusting Trust" compiler Trojan attack was not just a thought experiment. In fact, Usenet poster Jay Ashworth stated that, from personal communications, Thompson really did launch this attack in real life and successfully compromised the Unix…

Enhance your malware detection with WAF + YARA (WAFARAY) - GitHub - alt3kx/wafaray: Enhance your malware detection with WAF + YARA (WAFARAY)

source: https://null2root.github.io/blog/2022/07/21/When-Hypervisor-Met-Snapshot-Fuzzing.html 1. IntroductionHypervisor was known as hard target to fuzz over several years. Even though, lots of prior