The infamous Clop ransomware, mainly known as Cl0p, targets various industries and organizations, extorting data for a huge amount of ransom. It advances actively with new emerging campaigns. This blog walks through the Clop timeline, Mitre TTPs and their…

-> Setting up the environment + […]

Vulnerability intelligence that predicts avenues of attack with speed and accuracy.

Organizations should prioritize cloud defense in depth. With a strong security plan, you can lay a foundation for a secure cloud environment.

Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones

This Technical Series blog investigates the Flutter framework ​(Google, n.d.)​ and the methods for bypassing its detections on iOS.

Microsoft IR investigation of a BlackByte 2.0 ransomware attack progressed thru full attack chain from initial access to impact in five days.

No click or copy&paste required

Slinky Cat has been developed to automate some of the methods introduced in living off the land and to supplement ScrapingKit. To help security and IT teams reduce their AD exposures and uncover quick wins and fixes designed for pen-testers and defenders…

As a traditional application security engineer, I’m trying to adapt myself to the AI mayhem. This post covers my thoughts about prompt…

The Google Search Appliance (hereinafter referred to as GSA) is an enterprise search device launched by Google in 2002, used for indexing and retrieving internal or public network information

A Burp Suite Extension for pentester and bug bounty hunters an to maintain checklist, map flows, write test cases and track vulnerabilities - GitHub - Anof-cyber/Pentest-Mapper: A Burp Suite Exten...

Light-weight web security scanner. Contribute to introvertmac/EasyScan development by creating an account on GitHub.

evilginx3 + gophish. Contribute to fin3ss3g0d/evilgophish development by creating an account on GitHub.

Summary A vulnerability in EdgeRouters’s and AirCube’s miniupnpd allows LAN attackers to cause the service to overflow an internal heap and potentially execute arbitrary code. Credit An independent security researcher working with SSD Secure Disclosure. CVE…

Introduction We designed Vault Exploits Defense (VED) as a foundation security layer for various flavors of Linux operating system.

Determine privileges from cloud credentials via brute-force testing. - AbstractClass/CloudPrivs

ink! is a programming language for smart contracts. It can be used in parachains built on Substrate. There was a bug in the CallBuilder::delegate() method and ink_env::invoke_contract_delegate() function which returns unexpected values.