Resources for Application Security including Web, API, Android, iOS and Thick Client - Anof-cyber/Application-Security

In pentesting assessments and CTFs we always need reverse shells to execute commands on target machine once we have exploited a system and have a command injection at some point in our engagement.
For that we have an awesome project: revshells.com or reverse…

ETWHash is a small C# tool used during Red Team engagements, that can consume ETW SMB events and extract NetNTLMv2 hashes for cracking offline, unlike currently documented methods.

In this blog post an overview of the different components of a red team infrastructure is given. This includes explanations how these work, as well as the comparison of different solutions and their characteristics.

Thanks @rbran for the contributions!
backhand

Kind has been extended to take an CompressionAction to have a custom compression and decompression
algorithm. This defaults to the DefaultCompressor i...

A few weeks ago I ran into a conversation on Twitter about the weaknesses of applied cryptography textbooks, and how they tend to spend way too much time lecturing people about Feistel networks and…

A small utility to translate NTDS.dit files to SQLite format. - almandin/ntdsdotsqlite

As some of you may have seen, I posted a challenge to use Ghidra to identify a vulnerability in a WarGames themed game. There has been a…

In today's increasingly digital world, the need for robust cybersecurity measures has never been gre

Recently, we discussed various methods of persistence on corporate devices and a colleague of mine mentioned a tool he had written. We we...

The cybercriminals who breached MSI last month have apparently leaked the company's private code signing keys on their dark web site.

TL;DR ¶ A few months ago, while hunting on a public bug-bounty programme, I found a nice little bug chain that involved
an insecure message event listener, a shoddy JSONP endpoint, a WAF bypass, DOM-based XSS on an out-of-scope subdomain, a permissive CORS…

Compromising a host in a company’s perimeter often creates the opportunity to pivot into an internal network. From there on, each additional compromised system may grant us access into further subnets. Pivoting like this is second nature to …

Note : This work took place in May-Aug of 2022. It just took me this long to finally finish writing this (Too busy playing with my SRD 😅) L...

Recently, a new trend has emerged in the world of ransomware: intermittent encryption, the partial encryption of targeted files. Many ransomware groups, such as BlackCat and Play, have adopted...

A wishlist of AWS IAM feature requests

This post details two bugs I found, a plist injection (CVE-2023-27328) and a race condition (CVE-2023-27327), which could be used to escape from a guest Parallels Desktop virtual machine. In this post I’ll break down the findings.

elttam is an independent security company providing research-driven security assessment services. We combine pragmatism and deep technical insight to help our customers secure their most important assets.

Revolutionize firmware extraction with UNBLOB! Discover the latest developments & advancements in this cutting-edge project. Don't miss latest blog post!