A conversational AI system that listens, learns, and challenges

I recently read the Unlimited Results: Breaking Firmware Encryption of ESP32-V3 paper. This paper is about breaking the firmware encryption feature of the ESP32 SoC using a Side-Channel attack. This was an interesting read, and soon, I wanted to try to reproduce…

“No one cares about the old […]

Writeup of a remote code execution in Factorio by supplying a modified save file. - Valentin-Metz/writeup_factorio

New vulnerabilities discovered in the Bosch Rexroth NXA015S-36V-B, a popular smart nutrunner used in automotive production lines, may halt production or compromise safety.

VulnCheck bypasses the Apache OFBiz Groovy sandbox to land a memory resident reverse shell.

Security tends to lag behind adoption, and AI/ML is no exception.  Four months ago, Adnan Khan and I exploited a critical CI/CD vulnerability in PyTorch, one of the world’s leading ML platform…

It’s been a while since I wrote an “attack of the week” post, and the fault for this is entirely mine. I’ve been much too busy writing boring posts about Schnorr signatures!…

I’m going to tell you how Exploit Observer has revolutionized the ways of automated exploit discovery & analysis at A.R.P. Syndicate.

elttam is an independent security company providing research-driven security assessment services. We combine pragmatism and deep technical insight to help our customers secure their most important assets.

Including new features, bug fixes, and more that have landed in UNBLOB in the second half of 2023.

elttam is an independent security company providing research-driven security assessment services. We combine pragmatism and deep technical insight to help our customers secure their most important assets.

Overview The primary tactic we will be exploring in this post is the use of proxies inside of a target network. There are a lot of different types of proxies for both offense and defense. This post…

Mirth Connect, by NextGen HealthCare, versions prior to 4.4.1 are vulnerable to an unauthenticated RCE vulnerability, CVE-2023-43208.

Introduction Back in Aug. 2023 we released an advisory for CVE-2023-39143, a critical vulnerability that affects Windows installs of the PaperCut NG/MF print management software. Attackers can exploit this vulnerability […]

Simple Windows and Linux keystroke injection tool that exfiltrates stored WiFi data (SSID and password). - AleksaMCode/WiFi-password-stealer

Article describing an alternative method to trigger shellcode execution