We're excited to announce that Socket now supports the Python programming language.

Discover effective incident response in Google Cloud. Learn how to analyze forensic artifacts for swift resolution. Expert insights on Sygnia blog.

In this post, we present the first findings from our current research into Cloud Development Environments (CDEs) — which allowed a full account takeover through visiting a link, exploiting a commonly misunderstood vulnerability (WebSocket Hijacking), and…

Reading Future Internet PKI schemes need to be bootstrapped through web
PKI I was
reminded by all the problems I’ve had with SSH (Secure SHell) PKI (Public Key
Infrastructure). SSH host verification is trust-on-first-use (TOFU). So SSH is
protected from man…

ESET researchers are the first to publish an analysis of BlackLotus, the first in-the-wild UEFI bootkit capable of bypassing UEFI Secure Boot.

Given the widespread usage of OAuth, any vulnerabilities found in its components or their implementations may lead to considerable security impact in the applications and services using them.

Abstract Once threat actors gain a foothold on a system, they must implement techniques to maintain that access, even in the event of restarts, updates in credentials or any other type of change...

Our March 2023 update regarding the LastPass security breach incident including our additional security measures and recommended actions for our LastPass users.

A prebuilt Docker image for this release is available for x86_64 architectures:
docker pull ghcr.io/praetorian-inc/noseyparker:v0.12.0

Additions


The scan command can now be given Git https URLs,...

Want to use SSH for reverse shells? Now you can.

I managed to exploit the Nintendo DSi browser 15 years after it was released in Japan. This post will go over the journey and the technical details.

By Nati Tal (Guardio Labs)

This post explores an often overlooked type of subdomain takeover attack I am dubbing "passive takeover."

How to use Codecepticon for obfuscating offensive security tooling, such as Rubeus

PrologueIn the last blog post, we learned some debugging concepts, understood what is IOCTL how to handle it and started to learn how to validate the data th...

Introduction  In this blog post, we tell a tale of how we discovered a novel attack against ECDSA and how we applied it to datasets we found in the wild, including the Bitcoin and Ethereum net…

Breaking into a Toyota CRM and exploiting it to view customer information.

Microsoft discovered that the SHEIN Android application periodically read the contents of the Android device clipboard and, if a particular pattern was present, sent the contents of the clipboard to a remote server.

Bypassing Client-Side Encryption with Burp Suite and PyCript

By abusing an HTTP Request Smuggling vulnerability on Outlook Web Access (OWA) for Exchange, it is possible to steal credentials of unsuspecting Active Directory users trying to authenticate to OWA.

What is TCG TPM 2.0? Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.