PSIM software integrates security apps, automates workflows, and unifies device control for a seamless user experience.

In today’s digital landscape, Active Directory (AD) serves as the backbone for managing network resources in most enterprise environments…

Setting up the environment + Hello World Inspecting and tampering HTTP requests and responses Inspecting and tampering WebSocket messages Creating […]

Introduction CVE-2024-25065 is a vulnerability that exists in Apache OFBiz before version 18.12.12. It is a path traversal vulnerability that allows authentication bypass through the contextPath...

While reversing a device, we stumbled across an interesting binary named unicorn . The binary appeared to be a developer utility potentially related to the Augentix SoC SDK. The unicorn binary is only executed when the device is set to developer mode. Fortunately…

This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.

FileSystem Monitor (fsmon) allows you to monitor file system events at runtime on Linux, OSX, iOS and Android systems. Useful for bug bounty hunters, malware analyst

Custom Hashcat Module for Apache Shiro 1 SHA-512

Discover the latest insights from the Cleafy Threat Intelligence team on new fraud campaigns involving the Medusa (TangleBot) banking trojan. Learn about Medusa's sophisticated capabilities, recent updates, and shifts in distribution strategies targeting…

elttam is a globally recognised, independent information security company, renowned for our advanced technical security assessments.

Explore how eBPF technology works by reverse engineering eBPF-based programs. Learn about its internals, benefits, and applications in modern computing

Qiling is an emulation framework that builds upon the Unicorn emulator by providing higher level functionality such as support for dynamic library loading, syscall interception and more. In this Labs post, we look into Qiling and how it can be used to emulate…

In the early hours of a day in a month in 2024, watchTowr Labs was sent a chat log:



13:37 -!- dav1d_bl41ne [def_not_phalanx@kernel.org] has joined #!hack (irc.efnet.nl)
13:37 -!- dav1d_bl41ne changed the topic of #!hack to: mag1c sh0w

Why write this?

This blog post details an application denial-of-service (DoS) vulnerability in WebRTC media servers handling DTLS-SRTP. Exploitation, detection and mitigation.

A critical, pre-authentication XML entity injection issue in Magento / Adobe Commerce (CVE-2024-34102), which Adobe rated as CVSS 9.8.