Modified Emnoscripten compiler with LLVM-level obfuscation - HakonHarnes/emcc-obf

Public disclosure of CloudTrail bypass in AWS Service Catalog and other logging research.

The service control manager (SCM) is responsible to start and stop services in windows environments including device drivers and start up applications. Microsoft introduced in Windows 2000 and late…

Update 2023-03-21 – We’ve talked with members of the NuGet team and they had already detected and removed the malicious packages in question. Malicious packages are often spread by the open source NPM and PyPI package repositories, with few other repositories…

A Library for Detecting Known or Weak Secrets Across Many Web Frameworks

KillNet, a group that the US Department of Health and Human Services (DHHS) has called pro-Russia hacktivists, has been launching waves of attacks targeting governments and companies with focus on the healthcare sector. In this blog post, we provide an overview…

Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality. - GitHub - XaFF-XaFF/Black-Angel-Rootkit: Black Angel is a W...

Akamai researchers uncover and reverse engineer a new Go-based DDoS botnet.

ThreatLabz observed a new campaign targeting a Government organization in which the threat actors utilized a new Command & Control (C2) framework named Havoc

AhnLab Security Emergency response Center (ASEC) has recently discovered the ShellBot malware being installed on poorly managed Linux SSH servers. ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol…

A powerful technique for finding threats in Windows event logs.

This advisory contains information about the following vulnerabilities:
- Directory Traversal Arbitrary File Write Vulnerability

In this article, we′re going to discuss the CVE-2020-36620 vulnerability and see how a NuGet package for converting string to enum can make a C# application vulnerable to DoS attacks.

Mapping behaviors to auditd log events

JumpCloud is a Directory as a Service provider providing cloud native Directory service for cloud native companies. In a Red Team engagement or Pentest scenario, one may come across a API token which could have Administrative Privileges. Instead of going…

Terraform is the common tool if you work with IaC, but its security best practices must be followed carefully. This article provides that guidance.

Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to trick a server-side application to make a request to an unintended location. SSRF, unlike most other specific vulnerabilities, has gained its own spot on the OWASP Top 10 2021.…

A guide to managing multiple AWS Accounts using AWS Organizations and how to reduce blast radius by leveraging Delegated Administrator capabilities within AWS Organization to avoid usage of the management root account. This post covers security benefits…

A new Android banking trojan might be spreading under the name of Nexus. It is promoted via a MaaS subnoscription and it contains some relations with an already known SOVA banking trojan. Read the full article to know more about this new player in cybercrime.