Writeup of a remote code execution in Factorio by supplying a modified save file. - Valentin-Metz/writeup_factorio

New vulnerabilities discovered in the Bosch Rexroth NXA015S-36V-B, a popular smart nutrunner used in automotive production lines, may halt production or compromise safety.

VulnCheck bypasses the Apache OFBiz Groovy sandbox to land a memory resident reverse shell.

Security tends to lag behind adoption, and AI/ML is no exception.  Four months ago, Adnan Khan and I exploited a critical CI/CD vulnerability in PyTorch, one of the world’s leading ML platform…

It’s been a while since I wrote an “attack of the week” post, and the fault for this is entirely mine. I’ve been much too busy writing boring posts about Schnorr signatures!…

I’m going to tell you how Exploit Observer has revolutionized the ways of automated exploit discovery & analysis at A.R.P. Syndicate.

elttam is an independent security company providing research-driven security assessment services. We combine pragmatism and deep technical insight to help our customers secure their most important assets.

Including new features, bug fixes, and more that have landed in UNBLOB in the second half of 2023.

elttam is an independent security company providing research-driven security assessment services. We combine pragmatism and deep technical insight to help our customers secure their most important assets.

Overview The primary tactic we will be exploring in this post is the use of proxies inside of a target network. There are a lot of different types of proxies for both offense and defense. This post…

Mirth Connect, by NextGen HealthCare, versions prior to 4.4.1 are vulnerable to an unauthenticated RCE vulnerability, CVE-2023-43208.

Introduction Back in Aug. 2023 we released an advisory for CVE-2023-39143, a critical vulnerability that affects Windows installs of the PaperCut NG/MF print management software. Attackers can exploit this vulnerability […]

Simple Windows and Linux keystroke injection tool that exfiltrates stored WiFi data (SSID and password). - AleksaMCode/WiFi-password-stealer

Article describing an alternative method to trigger shellcode execution

This is a write-up of a vulnerability that I discovered in Windows. The vulnerability was patched in December’s Patch Tuesday, and the CVE assigned to it is CVE-2023-36003. The vulnerability allows a non-elevated process to inject a DLL into an elevated or…

Did you have a good break? Have you had a chance to breathe? Wake up.

It’s 2024, and the chaos continues - thanks to Volexity (Volexity’s writeup), the industry has been alerted to in-the-wild exploitation of 2 incredibly serious 0days (CVE-2023-46805 and…

Revolutionizing Digital Asset Security with the DeRec Alliance 🌐 🔐 #DeRecAlliance #DigitalAssetSecurity #Hedera & #Algorand

A Golang package for scanning private and public IPs for open TCP ports 👁️ - CyberRoute/scanme

Major changes were made to the organization of this repo, with the library backhand now being separated from
the backhand-cli package, which is used to install unsquashfs, replace, and add.
backhan...