This is a gif of the exfiltration process (We've increased the speed so you're not waiting around for 1 minute). Read on to discover how this works... CSS Cafe presentation I presented this technique

BugProve discovers additional zero-day vulnerabilities in Zyxel's personal cloud storage device. Detailed writeup of the firmware analysis process.

This is the second post in a two-part series on DNS rebinding. In this post, I introduce new techniques for achieving reliable, split-second DNS rebinding in Chrome, Edge, and Safari when IPv6 is available, as well as a technique for bypassing the local network…

GitHub Gist: instantly share code, notes, and snippets.

Security experts

Determining the intent behind a package publication is notoriously difficult. Is it a legitimate threat actor or a security researcher? We can rarely make this determination, so Phylum generally errs on the side of caution and annotates packages that exhibit…

Dasharo User Group (DUG) #4 and Dasharo Developers vPub 0x9 When? 07th December 2023 5PM UTC to last hacker standing...

A modern investigation of the Windows loader architecure and loader lock

Using CVE-2023-43641 as an example, I’ll explain how to develop an exploit for a memory corruption vulnerability on Linux. The exploit has to bypass several mitigations to achieve code execution.

APIs (Application Programming Interfaces) enable software systems and applications to communicate and share data. API testing is important as ...

Introduction In August 2023, Google published research they did on AI-powered fuzzing. They showed they could automatically improve fuzzing code coverage of C/C++ projects already enrolled in OSS-F…

This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.

Akamai researchers discovered a new set of attacks against Active Directory (AD) using Microsoft DHCP servers that can lead to full AD takeover.

BSidesSF is soliciting submissions for the annual BSidesSF conference on April 26-27, 2025. Call for Participation is currently open for all tracks.Note: We DO NOT provide speaker or travel ...

Multiple vulnerabilities in Mitel Unify OpenStage and OpenScape phones allow a remote compromise in the unhardened default configuration and an elevation of privileges to become the root user.

Russia is one of the world’s most prolific cyber actors and dedicate significant resource into conducting cyber operations around the globe. The UK government has publicly attributed malign cyber activity to parts of three Russian Intelligence services: the…

Legit Security | Uncovering 'AIJacking': How Attackers Exploit Hugging Face for AI Supply Chain Attacks - A Deep Dive into Vulnerabilities and Risks.

SkySafe Miscellaneous Reverse Engineering Blog. Contribute to skysafe/reblog development by creating an account on GitHub.