I reversed the firmware of my Garmin Forerunner 245 Music back in 2022 and found a dozen or so vulnerabilities in their support for Connect IQ applications. They can be exploited…

In this post, we take a look at an anti-forensics technique that malware can leverage to hide injected DLLs. We dive into specific details of the Windows Process Environment Block (PEB) and how to abuse it to hide a malicious loaded DLL. Background: You may…

Documents from the "Vulkan leak" both in russin (original) and english (translated).

ThePhish: an automated phishing email analysis tool - GitHub - emalderson/ThePhish: ThePhish: an automated phishing email analysis tool

Posted by Igbeen12 - No votes and 2 comments

In today’s digital landscape, generative AI has the potential to become an essential tool for web applications, offering personalized and…

Article discussing GCP Cloud Function Abuse covering Local File Inclusion (LFI), Server-Side Request Forgery (SSRF), and Command Injection vulnerabilities. Explains how these vulnerabilities can be exploited to get access to authorization tokens and other…

PaperCut CVE-2023-27350 Technical Deep-Dive, Indicators of Compromise, and Exploit Proof-of-Concept.

Contribute to cyberark/ChattyCaty development by creating an account on GitHub.

Originating from the Bishop Fox team, Sliver is an open-source, cross-platform, and extensible C2 framework. It's written primarily in Go, making it fast, portable, and easy to customize. This versatility makes it a popular choice among red teams for adversary…

Hacking new SushiSwap router contract. Including full proof of concept and demo environment.

c0c0n is a 15 years old platform that is aimed at providing opportunities to showcase, educate, understand and spread awareness on Information Security, data protection, and privacy. It also aims to provide a hand-shaking platform for various Corporate, Government…

The Aqua Nautilus research team found detected thousands of exposed registries and artifact repositories in some of the world’s largest organizations

As a rule, book reviews are not a thing I usually do. So when I received an out-of-the-blue email from Cory Doctorow last week asking if I would review his latest book, Red Team Blues, it took a mi…

Update on our progress on the 3D-printable BusKill prototype, a DIY USB kill cord to protect your laptop's data from thieves.

In depth analysis of new python malware. Highlights: 22 malicious packages detected, C2 comms capable via TOR, manueaverable and stealth...

This talk provides an overview of how Google uses AI to strengthen Gmail's document defenses and withstand attacks that evade traditional AVs

KeePassXC Password Manager