Introduction This is the second part of our Decentralized Identity (DID) blog series. In case you’re not familiar with DID concepts, we highly encourage you to start with the first part. This time...

Author, test and deploy security tests. Contribute to preludeorg/build development by creating an account on GitHub.

OSCP 2022

TL;DR The modern frameworks are often very flexible with what they accept, and will happily treat a POST with a JSON body as interchangeable with a URL encoded body, or even with query parameters. Due to this, an unexploitable JSON XSS vector can sometimes…

IDA plugin which queries OpenAI's gpt-3.5-turbo language model to speed up reverse-engineering - GitHub - JusticeRage/Gepetto: IDA plugin which queries OpenAI's gpt-3.5-turbo langua...

TPMS Tracking

Venom is a library that meant to perform evasive communication using stolen browser socket - Idov31/Venom

Featuring Fontuscator

Raw sockets hacking - Date: 18/12/2022

This blog post describes a vulnerability found and exploited in November 2022 by NCC Group. The target was the TP-Link AX1800 WiFi 6 Router (Archer AX21).

When there isn't a Steampipe plugin to meet your need, the Net plugin's net_http_request table can save the day.

Cymulate researchers have discovered a new vulnerability and created a proof of concept. The technique based on it allows attackers to circumvent many EDR vendors.

Learn how Legit Security discovered a vulnerable GitHub actions workflow that affected Google, Apache and potentially many more. Get details on the vulnerability and what you can do to mitigate it.

By Sergi Martinez Overview It’s been a while since our last technical blogpost, so here’s one right on time for the Christmas holidays. We describe a method to exploit a use-after-free in the Linux kernel when objects are allocated in a specific slab cache…

Extracting firmware via UART and UBoot

We examined the password management solution Passwordstate of Click Studios and identified multiple high severity vulnerabilities (CVE-2022-3875, CVE-2022-3876, CVE-2022-3877).

Vulnerability scanner written in Go which uses the data provided by https://osv.dev - GitHub - google/osv-scanner: Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Intro Normally, when a users backup their iOS device, the backup is saved into ~/Library/Application Support/MobileSync/Backup directory. The MobileSync directory is properly protected by TCC, as the backup can contain photos, contact information, everything…

A technical analysis where we use sentinel value to bypass the Latest Chrome v8 HardenProtect