The first dynamic analysis framework for CPU microcode - x86 PAC · pietroborrello/CustomProcessingUnit@936a684

A threat actor is a term used to describe individuals whose purpose is to engage in cyber-related offenses. Learn the definition, types, motivations, and more.

In this post, we analyze a malicious PyPI package attempting to backdoor FastAPI applications.

All the deals for InfoSec related software/tools this Black Friday - GitHub - 0x90n/InfoSec-Black-Friday: All the deals for InfoSec related software/tools this Black Friday

Software signing just got easier. Sigstore The Easy Way guide is the most straightforward way to geting started with software signing & securing software supply chains.

TL;DR If you can find an unrestricted CORS endpoint, that also responds to the HTTP override headers, then potentially you can use it to access endpoints that aren’t enabled for CORS, bypass CSRF protections, and also deliver an XST (which will give you access…

I've been doing bug bounties for over 10 years now and over time, I have grown fonder of the life changing effects it has had for me. From job prospects, to being able to financially support those around me and myself. I believe that if you're passionate…

The simple way to detect heap memory pitfalls in C++ and C. Beta. - GitHub - CoolerVoid/heap_detective: The simple way to detect heap memory pitfalls in C++ and C. Beta.

A PoC ransomware sample to test out your ransomware response strategy. - hazcod/ransomwhere

The firmware of microcontrollers usually contains valuable data such as intellectual property and, in some cases, even cryptographic material.
In order to protect the confidentiality of these assets,

a smart DNS response-guided subdomain fuzzer. Contribute to elceef/subzuf development by creating an account on GitHub.

TLDR; a custom font can be used to avoid a plagiarism checker while still being human readable.

DNSSEC uses resource records like NSEC or NSEC3, which can be leveraged for subdomain enumeration. Different techniques for zone enumeration and countermeasures like White Lies and Black Lies are described in this blog post.

Vulnerability intelligence that predicts avenues of attack with speed and accuracy.

Configuration Manager often contain information that could be used by an attacker to find new attack paths or credentials that allow lateral movement.

An extensible developer-friendly application security platform that scans source code to surface true and actionable security issues with AI-assisted SAST, SCA, and Secrets Detection solutions.