73 votes and 4 comments so far on Reddit

apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK. - GitHub - ax/apk.sh: apk.sh makes reverse engineering...

so i had to crack my way into public information, controversial topics and statistics on chatgpt. if you haven't noticed, there's a woke filter. while chatgpt claims to be programmatically incapable of political correctness, that is not the case at all. but…

Vulnerabilities found on Arcadyan Routers - Asher Davila L. - Arcadyan Vulnerabilities.md

A python noscript to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods. - GitHub - p0dalirius/Coercer: A python noscript to automatically coerce a Windows...

June 2023 Update — Hardwear.io Conference Talk:

Aqua discusses how Tracee monitors for the Dirty Pipe vulnerability and how in-kernel technology like eBPF monitors writes that result from it

Mitigate the risk of isolation escape with a new framework for modeling and improving tenant isolation in cloud SaaS and PaaS.

A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass...

Tl;dr : This article is analysis of over 50 submissions for a JavaScript integer overflow challenge. Many submissions did not address the root cause. A range check on the input as well as arithmetic output using a right data type can eliminate the vulnerability.…

Talks/WorkshopsThe BSidesSF 2023 CFP is now closed. Check back for updated deadlines for accepted presenters. January 24, 2023 – Notifications on talk/workshop acceptance/rejection start bei...

First time anti-debug techniques are discovered in PyPI malware. Read how these techniques are implemented, including analysis and tips from JFrog Security Research.

An international operation targeting tools and services used to commit serious cyber attacks has seen the takedown of 48 of the world’s most popular ‘booter’ sites.

Earlier this year, the SEC Consult Vulnerability Lab published a technical security advisory on different critical vulnerabilities in Zyxel devices, resulting from insecure coding practices and insecure configuration. Those also included a highly critical…

We chose to investigate the services provided by LEGO, perhaps the most famous toy manufacturer in the world – because we contend this example sheds light on the reality of quick adoption of APIs and the risks that can come with that fast pace.

The venerable cryptographic hash function has vulnerabilities that make its further use inadvisable.

Musk has boasted of entrapping a Tesla leaker by watermarking emails, and he is threatening any dissidents still at Twitter.

Summary A vulnerability in the UMPD (User-Mode Printer Drivers) allows local users to trigger a use-after-free vulnerability. The vulnerability works from Windows 8 and above, and is fairly easy to exploit on older Windows machines. Credit An independent…

Introduction This is the second part of our Decentralized Identity (DID) blog series. In case you’re not familiar with DID concepts, we highly encourage you to start with the first part. This time...