Google Lets Anyone See Original Uncropped Images – Proof of Concept Details: https://theintercept.com/2023/02/14/whistleblower-image-crop-document/

By Maciej Domanski In fall 2022, Trail of Bits audited cURL, a widely-used command-line utility that transfers data between a server and supports various protocols. The project coincided with a Tra…

Summary   AMD internally discovered a potential vulnerability where certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch that may potentially lead to information disclosure. AMD believes that due…

Server-side prototype pollution is hard to detect black-box without causing a DoS. In this post, we introduce a range of safe detection techniques, which we've also implemented in an open source Burp

A collection of various awesome lists for hackers, pentesters and security researchers - GitHub - misterch0c/Awesome-Hacking: A collection of various awesome lists for hackers, pentesters and secur...

Introduction Everyone knows what phishing is. It has been around for more than two decades. Now it seems that phishing is more accessible than before. This blog covers how malicious actors can...

Huawei Recovery Update Zip ToC-ToU Vulnerability

This post will help to provide historical context and demystify what's under the hood of Heads, PureBoot, and other tools to provide Trusted Boot. I will not be presenting anything new in this article; I merely hope to provide a historical timeline and a…

TrustedInstaller is a Service Account which is used to protect important Windows files and folders from unautorized modification. We take a look at how to obtain TrustedInstaller privileges to delete Windows Defender directory

Amazon Web Services (AWS) has 2 different policy versions for writing JSON IAM policies. This lesser known nuance creates issues with policy variables and newer features. This blog focuses on identifying IAM policies still using the outdated IAM language…

https://youtu.be/bDIIj3J7JcMSyslog is an open-source protocol used to collect log messages from many different sources, including operating systems, applications, routers, switches, and other network devices. It is used to manage network events, detect security…

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:

A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated…

A curated list of resources dedicated to reinforcement learning applied to cyber security. - GitHub - Limmen/awesome-rl-for-cybersecurity: A curated list of resources dedicated to reinforcement le...

OUSD R&E Sponsored Automated Reverse Engineering CTF - Ghidra Golf

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

Hacking Apple is no easy feat. With some of the most talented security professionals working on protecting their systems, it’s hard to…

Uncover the latest trends in the State of XIoT Security Report for 2H 2022. Discover the changing landscape of vulnerabilities in OT, IoT, and IoMT.

A light-weight first-stage C2 implant written in Nim. - GitHub - chvancooten/NimPlant: A light-weight first-stage C2 implant written in Nim.

Microsoft’s Azure B2C service misused cryptography, which allowed an attacker to craft an OAuth refresh token to access a victim account.

Small utility to chunk up a large BloodHound JSON file into smaller files for importing. - GitHub - ustayready/ShredHound: Small utility to chunk up a large BloodHound JSON file into smaller files ...