It's time to wrap up our series on the security of Visual Studio Code with new vulnerabilities in the NPM integration, bypassing the Workspace Trust security feature.

Fixed an error in Mac OS M1 and M2 that was caused by direct subprocess execution. Special thanks to Tavi for reporting the issue in the extension.
Added a logger to aid in debugging the encryption...

Blackwing Intelligence provides high-end security engineering, analysis, and research services for engineering focused organizations

In the idealistic world of security research, we’d be faced with the latest versions of off-the-shelf enterprise products, primed with fresh hardened code ready for analysis and code kung-fu.

In reality, however, enterprises and users often don’t update…

Azure mindmap for penetration tests. Contribute to synacktiv/Mindmaps development by creating an account on GitHub.

File name: 6558073e997da5ca440b5a4b.exe

Microsoft has uncovered a supply chain attack by Diamond Sleet involving a malicious variant of an application developed by CyberLink Corp.

Think your password is strong? Ever trusted a password strength tool online (or maybe you don't trust anything)? You might be surprised to see how far off the mark some of the most popular password strength tools are.

CVE-2023-46604 discloses a Remote Code Execution (RCE) flaw within Apache ActiveMQ. This vulnerability is trivial to exploit and its leveraged by threat actors.

Hide 🕵️‍♂️ your files of any type inside a image of your choice using steganography - GitHub - JoshuaKasa/van-gonography: Hide 🕵️‍♂️ your files of any type inside a image of your choice using ste...

Comprehensive guide on how to convert your RCE vulnerability into a fully functional metasploit module, that will spawn any payload. We use CVE-2023-32781 as our example.

Pen Test Report Generation and Assessment Collaboration - factionsecurity/faction

Azure Active Directory (Entra ID) stands as one of the most popular and widely-used cloud-based identity and access management services provided by Microsoft. It serves as a comprehensive solution for managing user identities and controlling access to a diverse…

A Slack bot phishing framework for Red Teaming exercises - GitHub - Drew-Sec/EvilSlackbot: A Slack bot phishing framework for Red Teaming exercises

LostTrust Ransomware malware technical analysis and research

A fast domain and typosquatting discovery tool

“The attack surface is the vulnerability. […]

Information Rights Management extends far beyond traditional data security measures. It is the solution that allows organizations to maintain the integrity of their data, protecting it from unauthorized access and potential breaches. It secures critical information…

Protecting your user's personal medical information is vital in healthcare apps. Here's how to make sure you're doing everything to keep that data safe -

TL;DR An overview of a fuzzing project targeting the Hyper-V VSPs using Intel Processor Trace (IPT) for code coverage guided fuzzing, built upon WinAFL, winipt, HAFL1, and Microsoft’s IPT.sys....