Learn how to effectively hunt for identity-based risks and threats in your Snowflake deployment to enhance security and protect your data with Rezonate.

Our security researchers recently discovered two critical vulnerabilities in Moodle that leverage the use of not impactful bugs.

A blazing-fast, thread-safe, straightforward and zero memory allocations tool to swiftly generate alternative IP(v4) address representations in Go. - dwisiswant0/ipfuscator

Background Modern cybersecurity operation centers significantly depend on two key elements: agent-based security solutions operating on desktops, laptops, and server operating systems, and a threat analysis system, often referred to as a Security Information…

This class teaches you how to exploit a race condition vulnerability leading to a use-after-free in the Kernel Transaction Manager (KTM) component of the Windows kernel.

This class teaches you some core concepts on the Windows operating system both in user and kernel lands.

A nostalgic journey back to the era of retro RPGs with a cyber twist in the theme of Die Hard - milosilo/hack_hard

Encrypted binaries, DNS exfiltration, and sophisticated attack chains hidden among a benign email validation tool.

Microsoft Excel a powerful spreadsheet tool you are not using to it's full potential to find attackers in your data

As part of our Continuous Automated Red Teaming and Attack Surface Management technology - the watchTowr Platform - we're incredibly proud of our ability to discover nested, exploitable vulnerabilities across huge attack surfaces.

Through our rapid PoC process…

We introduce a hybrid digital signature scheme based on two building blocks: a classically-secure scheme, ECDSA, and a post-quantum secure one, Dilithium. Our hybrid scheme maintains the guarantees of each underlying building block even if the other one is…

Remote Shellcode Injector. Contribute to florylsk/NtRemoteLoad development by creating an account on GitHub.

JPCERT/CC has confirmed that a new technique was used in an attack that occurred in July, which bypasses detection by embedding a malicious Word file into a PDF file. This blog article calls the technique “MalDoc in PDF” hereafter and...

CVE-2023-39810 is a directory traversal vulnerability in Busybox cpio discovered by Pentagrid during a penetration test.

We’ve previously reported on a Nokoyawa ransomware case in which the initial access was via an Excel macro and IcedID malware. This case, which also ended in Nokoyawa Ransomware, involved the…

Here is a detailed analysis of the PyCript Burp extension. This extension for Burp Suite is particularly helpful for bug bounty hunters and pentesters who need to bypass client-side encryption and run automated scanners or tools on encrypted requests. I have…

“Presenting arguments that security can be seamlessly integrated into the SDLC process, along with examples of configured SAST tools.”

Multiple Vulnerabilities found in Techview LA-5570 Wireless Gateway Home Automation ControllerIntroductionThe Security Team at [exploitsecurity.io] uncovered multiple vulnerabilities in the Techview LA-5570 Wireless Home Automation Controller [Firmware Version…