Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX

Learn how to access and recover replicated secrets in order to achieve eternal persistence in an Active Directory environment. Understand the steps involved in decoding replication traffic and understanding RPC calls.

Orange Tsai tweeted a few hours ago about “One of [his] PHP vulnerabilities, which affects XAMPP by default”, and we were curious to say the least. XAMPP is a very popular way for administrators and developers to rapidly deploy Apache, PHP, and a bunch of…

Thinking in states to handle information security complexities

A guide for detection engineers to establish their workflows & methodologies

Security reports: efficient and straightforward. The simplest way to detect and fix vulnerabilities

Denoscription of the CAA accounturi binding to mitigate or prevent domain verification bypasses and monitoring approaches like certificate transparency log analysis.

It is easy!

Key Takeaways In October 2023, we observed an intrusion that began with a spam campaign, distributing a forked IcedID loader. The threat actor used Impacket’s wmiexec and RDP to install Scree…

An interesting authentication bypass exploit in Veeam Backup Enterprise Manager

September 13-15, 2024 in Savannah, GA

CVE-2024-29824 Ivanti EPM SQL Injection Remote Code Execution Vulnerability. This blog details the internals of a SQLi RCE vulnerability.

This post contains the cryptographically-signed BusKill warrant canary #008 for June 2024 to January 2025.

POC — CVE-2024–4956 — Nexus Repository Manager 3 Unauthenticated Path Traversal