USENIX Security brings together researchers, practitioners, system administrators, system programmers, and others to share and explore the latest advances in the security and privacy of computer systems and networks.

We decided to look into one of the most prevalent chargers on Norwegian roads

Today we are excited to release Shufflecake, a tool aimed at helping people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: w…

Tunneling Internet traffic over Whatsapp. Contribute to aleixrodriala/wa-tunnel development by creating an account on GitHub.

Why msg_msg? The size of structure is control by userspace Firstly, the length of the msg_msg struct can be indirectly controlled from userspace, which means that msg can overlap the cache of the specified types.

Contribute to KULeuven-COSIC/Starlink-FI development by creating an account on GitHub.

Introduction When doing application security at scale, you have to make peace with the fact that some issues may as well find their way into production. While we work hard to make sure this almost never happens, we understand that it’s just a fact of life…

This malware encrypts files with the AES algorithm, either fully or partially. The extension of the affected files changes to “.royal”. Find out more in this technical analysis of the Royal Ransomware from SecurityScorecard’s Senior Malware Analyst, Vlad…

Introduction: Robert wants to develop a basic content management system (CMS) because he became sick of all the bloated systems that had too many features and needed initial configurations. In...

A tool for downloading, checking, and applying (CVE) patches to a repository.

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

A look at hacking insecure webapps that interact with Salesforce's API, and SQL-Injection like attacks in SoQL

TL;DR: Trail of Bits has developed abi3audit, a new Python tool for checking Python packages for CPython application binary interface (ABI) violations. We’ve used it to discover hundreds of inconsistently and incorrectly tagged package distributions, each…

The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP. Everybody on our Twitter feed seemed to be jumping ship to the infose

GuardDog is an open-source tool to identify malicious PyPI packages through source code and metadata analysis

Varonis Threat Labs found a SQL injection vulnerability and a logical access flaw in Zendesk Explore, the reporting and analytics service in the popular customer service solution, Zendesk.

Impalabs is releasing Hyperpom, a 64-bit ARM binary fuzzer written in Rust and based on the Apple Silicon's hypervisor. It is mutation-based and coverage-guided. This article gives an overview of its internals, presents the different components it consists…

Introduction Who are you? That’s a hard question to answer. Many philosophers have been fascinated with this question for years. Who are you in cyberspace? Your digital identity is comprised of...