Welcome to my blog ! Today we're going to unleashing the power of the Flipper Zero by installing some custom firmware. But before we get sta...

Summary A few months ago, I stumbled onto an interesting case of Client-Side Path Manipulation in private bug bounty program. Since I wanted to start a blog, and I noticed that another client side path traversal was mentioned in PortSwigger’s Top 10 web hacking…

In late August 2022, we investigated an incident involving Ursnif malware, which resulted in Cobalt Strike being deployed. This was followed by the threat actors moving laterally throughout the environment … Read More

Behind one of Gmail’s lesser-known features lies a potential threat to websites and platforms managers.

Detect and mitigate actions to assure readiness against a supply chain attack of your CICD Pipelines. Read more about it in Rezonate's blog here!

During our audits we occasionally stumble across ImageMagick security policy configuration files (policy.xml), useful for limiting the default behavior and the resources consumed by the library. In the wild, these files often contain a plethora of recommendations…

Explore cybersecurity white papers, data sheets, webinars, videos, informative blogs, and more with SecurityScorecard.

My collection of Semgrep rules for vulnerability detection on source code (swift, java) - GitHub - akabe1/akabe1-semgrep-rules: My collection of Semgrep rules for vulnerability detection on source ...

This post aims on showcasing one of the many possible techniques for bypassing antivirus solutions through in-memory patching of AMSI instructions.

5 years after NYCTrainSign collapsed, I investigate why the company failed and end up writing an exploit to take over their fleet.

Learn how we discovered a critical vulnerability in Cacti with the help of SonarCloud.

In this blog you can read how you can find a Google account (GAIA ID) of a user using a phone number (and/or email address)

Main Features:

Support for: GitHub Enterprise Server, GitLab Server, and GitLab Cloud
Added Legitify Custom GitHub Actions to ease Legitify CI/CD Automation

Changelog

bcf0773 feat: generalized S...

"Pre-Owned" malware in ROM on T95 Android TV Box (AllWinner H616) - GitHub - DesktopECHO/T95-H616-Malware: "Pre-Owned" malware in ROM on T95 Android TV Box (AllWinner H616)

How Does Cymulate Assess for Data Exfiltration? Learn more in this blog post by security advisor David Kellerman.

Posted in r/netsec by u/DevOpsMuffin39 • 1 point and 0 comments

By Max Ammann Trail of Bits is publicly disclosing four vulnerabilities that affect wolfSSL: CVE-2022-38152, CVE-2022-38153, CVE-2022-39173, and CVE-2022-42905. The four issues, which have CVSS sco…