Dependuck provides dependency scanning to help you identify and fix known vulnerabilities in your dependencies. Find dependency vulnerabilities and more.

Background The key has always been a core target of security protection.

How attackers can find and use AWS Account IDs

Issue was disclosed on April 11th, 2023 & was fixed earlier. Linkedin rewarded with a bounty of $10000 for responsible disclosure.

Today, Microsoft is reporting on a distinct subset of Mint Sandstorm (formerly known as PHOSPHORUS), an Iranian threat actor that specializes in hacking into and stealing sensitive information from high-value targets. This subset is technically and operationally…

Russian cyber-attack targets Cisco devices. Read on for the details and suggested mitigations.

Reasonably undetected shellcode stager and executer. - MitchHS/Mischief-DLL-Stager

In 2022, the Citizen Lab gained extensive forensic visibility into new NSO Group exploit activity after finding infections among members of Mexico’s civil society, including two human rights defenders from Centro PRODH, which represents victims of military…

Cado and Permiso researchers team up to do a breakdown of Legion's toolset and discuss the review some of the differences between Legion and the likes of AndroxGh0st and Greenbot.

Search for c2 servers based on netlas. Contribute to michael2to3/c2-search-netlas development by creating an account on GitHub.

Awesome EDR Bypass Resources For Ethical Hacking. Contribute to tkmru/awesome-edr-bypass development by creating an account on GitHub.

Driver-based attacks against security products are on the rise

Web3 technologies are seeing widespread adoption — including by TAs. We discuss Web3 technology InterPlanetary File System (IPFS), and malicious use of it.

Learn how to easily create deserialization exploit payloads in MessagePack’s Typeless mode.

Although the Android base is open source, many different constructors customize it with their own UIs and APIs. All these additions represent an extra attack surface that can change from one phone model to another. We tried to automatically fuzz the closed…

CVE-2023-29084 analysis

In the previous blog post, we described how the Docker research started and showed how we could gain a full privilege escalation through a vulnerability in Docker Desktop. In this follow-up blog...

Ahnlab Security Emergency response Center (ASEC) has recently confirmed that the 8220 Gang attack group is using the Log4Shell vulnerability to install CoinMiner in VMware Horizon servers. Among the systems targeted for the attack, there were Korean energy…