Tim Perry recently claimed in an article that “Android 14 blocks all modification of system certificates, even as root”. This sparked significant discussion on Hacker News. Thankfully my tests show that it is still possible to adjust the system certificate…

Retrieve inner payloads from Donut samples. Contribute to volexity/donut-decryptor development by creating an account on GitHub.

The "Common Vulnerabilities and
Exposures" (CVE) system was launched late
in the previous century (September 1999) to track vulnerabilities in
software. Over the years since, it has had a somewhat checkered
reputation, along with some some attempts to
replace…

Explore the vital role of quality assurance (QA/QC) backend processes in cryptocurrency exchanges ensuring quality and reliability.

Explore OpenAPI security best practices. Learn the key methods and how they're implemented. See how liblab enhances SDK creation.

Following the adventure of manually discovering network-based vulnerabilities in the Linux kernel, I'm adding ksmbd-fuzzing functionality to the already extensive kernel-fuzzing tool that is Syzkaller.

0x01 PrefaceHere is the explicit denoscription about Spring Kafka deserialization vulnerability in Vmware security bulletin. Reference https://spring.io/security/cve-2023-34040 According to the descrip

The article covers the concept of SBOM, its advantages, popular formats and practical implementations for both Java and Python projects.

Introduction When fuzzing large-scale applications, using a single server (even with 4 64-core AMD Ryzen CPUs) may not be powerful enough by itself. That’s where parallelized/distributed fuzzing comes in (i.e. automatic sharing of results between fuzzing…

IT-Sicherheit beim elektronischen Gesundheitsdossier im Fürstentum Liechtenstein

Due to a recent Google change, MFA isn't truly MFA.

Learn about VulnCheck's development of an exploit for CVE-2023-36845, leading to stealthy code execution on Juniper firewalls, while also assessing the prevalence of unpatched systems in the wild.

AMBERSQUID is a cloud-native cryptojacking operation that leverages AWS services and can cost victims more than $10,000/day.

Defend yourself against tracking and surveillance. Circumvent censorship.

CVE-2023-38346 is a directory traversal vulnerability in Wind River's tarExtract function in VxWorks discovered by Pentagrid during a penetration test and source code review.

Explore this post and more from the netsec community

Dissecting DarkGate’s new key log encryption and tools to decrypt key log files