General information about BSides SATX 2023

HTTP 403 bypass tool. Contribute to trap-bytes/403jump development by creating an account on GitHub.

It is not uncommon developers or users responsible to write code (i.e. detection engineers using Sigma) to utilize Visual Studio Code as their code editor. The default capability of the product can…

Below is a recent Threat Brief that we shared with our customers. Each year, we produce over 20 detailed Threat Briefs, which follow a format similar to the below. Typically, these reports include …

Uncover the persistent threat of Account Takeover (ATO) and the emerging challenge of On-Device Fraud (ODF) in online banking. Learn how advanced Android banking trojans Copybara enable remote-controlled attacks and explore the tactics of threat actors, from…

Thoughts and experiments on software, security and better coding practises.

Exploit Observer aggregates & interprets exploit/vulnerability data from all over the Internet. Consequently, it has evolved into The World's Largest Exploit & Vulnerability Intelligence Database and is freely accessible to all.

Introduction to Smishing: Understanding SMS Phishing Tactics In the evolving landscape of cybersecurity threats, smishing—or SMS phishing—stands out as a formidable technique employed by adversaries to exploit human vulnerabilities. Smishing operates on a…

How to extract raw source protobuf definitions from compiled binaries, regardless of the target architecture

By Suha S. Hussain We’ve added new features to Fickling to offer enhanced threat detection and analysis across a broad spectrum of machine learning (ML) workflows. Fickling is a decompiler, static …

“Security is in the mind of […]

Windows File Explorer is the is the graphical file management utility for the Windows operating system and the default desktop environment. Windows explorer was introduced in Windows 95 and it is a…

As we do a lot of ICS/OT testing in our daily business, we thought this release should reflect our usual EMBA usage scenario. Welcome to another huge EMBA release with a lot new features: EMBA v1.4...

The Application Security domain has evolved significantly over the last decade. It’s no surprise then, that with this evolution, comes a jungle of tools that not only causes a lot of confusion, but also a lot of noise, and overlapping messages.

With a Side of IP TTL-based Origin Triangulation

Introduction to Smishing: Understanding SMS Phishing Tactics In the evolving landscape of cybersecurity threats, smishing—or SMS phishing—stands out as a formidable technique employed by adversaries to exploit human vulnerabilities. Smishing operates on a…

The following table contains all the techniques covered and whether or not administrator rights are needed to establish persistence. NoTechniqueMITRE IDAdministrator Rights1Registry Run KeysNo2Serv…

In this post we'll show you how to bypass CSP by using an often overlooked technique that can enable password theft in a seemingly secure configuration. What is form hijacking? Form hijacking isn't re

This technique allows to impersonate any Bluetooth device and inject keystrokes that allows an attacker to open unwanted website, install malware or lockout user from the smartphone. Further I will explain how Bad Bluetooth attacks work, how they can be carry…