Introduction In this blog, we will discuss innovative rootkit techniques on a non-traditional architecture, Windows 11 on ARM64. In the prior posts, we covered rootkit techniques applied to a...

Ivanti has recently published an advisory for CVE-2023-38035. The vulnerability has been added to CISA KEV and is described as an authentication bypass in the Ivanti Sentry administrator interface.

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers...

Learn how to effectively hunt for identity-based risks and threats in your Snowflake deployment to enhance security and protect your data with Rezonate.

Our security researchers recently discovered two critical vulnerabilities in Moodle that leverage the use of not impactful bugs.

A blazing-fast, thread-safe, straightforward and zero memory allocations tool to swiftly generate alternative IP(v4) address representations in Go. - dwisiswant0/ipfuscator

Background Modern cybersecurity operation centers significantly depend on two key elements: agent-based security solutions operating on desktops, laptops, and server operating systems, and a threat analysis system, often referred to as a Security Information…

This class teaches you how to exploit a race condition vulnerability leading to a use-after-free in the Kernel Transaction Manager (KTM) component of the Windows kernel.

This class teaches you some core concepts on the Windows operating system both in user and kernel lands.

A nostalgic journey back to the era of retro RPGs with a cyber twist in the theme of Die Hard - milosilo/hack_hard

Encrypted binaries, DNS exfiltration, and sophisticated attack chains hidden among a benign email validation tool.

Microsoft Excel a powerful spreadsheet tool you are not using to it's full potential to find attackers in your data

As part of our Continuous Automated Red Teaming and Attack Surface Management technology - the watchTowr Platform - we're incredibly proud of our ability to discover nested, exploitable vulnerabilities across huge attack surfaces.

Through our rapid PoC process…

We introduce a hybrid digital signature scheme based on two building blocks: a classically-secure scheme, ECDSA, and a post-quantum secure one, Dilithium. Our hybrid scheme maintains the guarantees of each underlying building block even if the other one is…

Remote Shellcode Injector. Contribute to florylsk/NtRemoteLoad development by creating an account on GitHub.

JPCERT/CC has confirmed that a new technique was used in an attack that occurred in July, which bypasses detection by embedding a malicious Word file into a PDF file. This blog article calls the technique “MalDoc in PDF” hereafter and...

CVE-2023-39810 is a directory traversal vulnerability in Busybox cpio discovered by Pentagrid during a penetration test.

We’ve previously reported on a Nokoyawa ransomware case in which the initial access was via an Excel macro and IcedID malware. This case, which also ended in Nokoyawa Ransomware, involved the…