Although the Android base is open source, many different constructors customize it with their own UIs and APIs. All these additions represent an extra attack surface that can change from one phone model to another. We tried to automatically fuzz the closed…

CVE-2023-29084 analysis

In the previous blog post, we described how the Docker research started and showed how we could gain a full privilege escalation through a vulnerability in Docker Desktop. In this follow-up blog...

Ahnlab Security Emergency response Center (ASEC) has recently confirmed that the 8220 Gang attack group is using the Log4Shell vulnerability to install CoinMiner in VMware Horizon servers. Among the systems targeted for the attack, there were Korean energy…

CRIL analyzes the ongoing evolution of Qakbot malware and how it infects users using OneNote attachments and chm files.

Ahnlab Security Emergency response Center (ASEC) has recently confirmed that the 8220 Gang attack group is using the Log4Shell vulnerability to install CoinMiner in VMware Horizon servers. Among the systems targeted for the attack, there were Korean energy…

The question of automatic dependency updates came up in our Slack channel the other day. There was a lot of nodding on how it is a good thing. Tools like Dependabot and Renovate were mentioned. Yet I was a dissenting voice. Why?
The case for automatic dependency…

I reversed the firmware of my Garmin Forerunner 245 Music back in 2022 and found a dozen or so vulnerabilities in their support for Connect IQ applications. They can be exploited…

In this post, we take a look at an anti-forensics technique that malware can leverage to hide injected DLLs. We dive into specific details of the Windows Process Environment Block (PEB) and how to abuse it to hide a malicious loaded DLL. Background: You may…

Documents from the "Vulkan leak" both in russin (original) and english (translated).

ThePhish: an automated phishing email analysis tool - GitHub - emalderson/ThePhish: ThePhish: an automated phishing email analysis tool

Posted by Igbeen12 - No votes and 2 comments

In today’s digital landscape, generative AI has the potential to become an essential tool for web applications, offering personalized and…

Article discussing GCP Cloud Function Abuse covering Local File Inclusion (LFI), Server-Side Request Forgery (SSRF), and Command Injection vulnerabilities. Explains how these vulnerabilities can be exploited to get access to authorization tokens and other…

PaperCut CVE-2023-27350 Technical Deep-Dive, Indicators of Compromise, and Exploit Proof-of-Concept.

Contribute to cyberark/ChattyCaty development by creating an account on GitHub.

Originating from the Bishop Fox team, Sliver is an open-source, cross-platform, and extensible C2 framework. It's written primarily in Go, making it fast, portable, and easy to customize. This versatility makes it a popular choice among red teams for adversary…