We will try to understand what a bug bounty is, why it’s important, and why it can complement auditing rather than replace it in order to…

Decompilers are essential when reverse engineering Android applications and binaries; unfortunately with static analysis it’s up to the reverse engineer to determine which of these complex paths to investigate.

Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices.

👻Stowaway -- Multi-hop Proxy Tool for pentesters. Contribute to ph4ntonn/Stowaway development by creating an account on GitHub.

Technical Deep-Dive and Indicators of Compromise for MOVEit Transfer CVE-2023-34362 SQL Injection to Remote Code Execution Vulnerability

In this intrusion, dated May 2023, we observed Truebot being used to deploy Cobalt Strike and FlawedGrace (aka GraceWire & BARBWIRE) resulting in the exfiltration of data and the deployment of …

About The Project Recently I’ve been building rudimentary file monitoring tools to get better at Golang, and build faux-watchdog programs for research at Arch Cloud Labs. Through this experimentation, I’ve identified some interesting gaps in the inotify subsystem…

An interesting case of Pre-authenticated RCE in VMware vRealize Network Insight (CVE-2023-20887)

We guard your domain, so you have peace of mind. Threat Visibility Platform.

Microsoft shares new details about techniques of a distinct Russian state-sponsored threat actor, now elevated to the name Cadet Blizzard.

A beginners hardware hacking journey of performing a BIOS password bypass on Lenovo laptops. In this article we identify what the problem is, how to identify a vulnerable chip, how to bypass a vulnerable chip, and finally identify why this attack works and…

Reverse engineering Spybot's Terminator tool (Zemana Antimalware driver) to achieve LPE as SYSTEM and unrestricted raw SCSI disk read/write.

New in 2023, in order to satisfy the CA, you must use a hardware security module (HSM) to protect your code signing private keys.

As cyber attacks become more diverse in exploiting technical and psychological weaknesses, playing cat and mouse is no longer viable.

Off-chain secure communication protocol with Zero-knowledge proof (Ring Signature) and metadata protection. - hardenedvault/vault1317

Cloning apk for bypassing code tampering detection, Google Safety Net and scanning vulnerable plugins - GitHub - Anof-cyber/MobSecco: Cloning apk for bypassing code tampering detection, Google Saf...

Cloning Cordova Mobile Apps to Bypass Security Implementations