Schedule, talks and talk submissions for Hackfest 2024 - 16-bit Edition

Where I introduce the subject of remotely identifying bluetooth devices, propose that healthcare device oversight is lacking, and exploit a firewall for no reason other than to prove a point.

In today's increasingly digital world, where cyber threats lurk around every corner, securing your online accounts is more important than ever. While passwords remain a cornerstone of security, they're no longer enough. This is where Multi-Factor Authentication…

Through the years, we have seen many attacks exploiting web caches to hijack sensitive information or store malicious payloads. However, as CDNs became more popular, new discrepancies between propriet

Introduction Spring Cloud Data Flow, a microservices-based platform for streaming and batch data processing in Cloud Foundry and Kubernetes, is vulnerable to an arbitrary file write issue. The...

Apps falsos ameaçam dados bancários: Cibercriminosos estão utilizando Progressive Web Applications (PWAs) para imitar aplicativos de bancos e roubar credenciais de usuários Android e iOS. Empregando táticas como chamadas automatizadas e malvertising, essas…

Some websites parse email addresses to extract the domain and infer which organisation the owner belongs to. This pattern makes email-address parser discrepancies critical. Predicting which domain an

See posts, photos and more on Facebook.

NTLM credential theft vulnerabilities in Python Windows applications: Jupyter Notebook CVE-2024-35178, Streamlit from Snowflake CVE-2024-42474 and Hugging Face Gradio CVE-2024-34510

APIs are essential for modern web applications, but they also introduce significant security challenges. Even large enterprises can fall prey to simple API vulnerabilities, as demonstrated by Traceable's discovery of a critical security flaw in Honeywell’s…

Homepage is an open-source dashboard with over 100 integrations. This article shows how multiple vulnerabilities were found and exploited in its latest version at that time (v0.8.13), for example, to achieve code execution in Jellyfin.

Prompt Injection in AI: Common Attack Scenarios and How to Mitigate Them

SLUBStick risk assessment for embedded systems The Linux kernel is susceptible to memory safety vulnerabilities due to its size and complexity.

An incomplete review of the sandbox solutions on the GNU/Linux operating system.

poc for CVE-2024-38063 (RCE in tcpip.sys). Contribute to ynwarcs/CVE-2024-38063 development by creating an account on GitHub.

Download Request Interceptor for Firefox. A Firefox extension that intercepts and edits HTTP requests, allowing you to view, customize, and send them directly from your browser. Incredibly easy and comfortable to use. Good for penetration testers and developers.

SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the process of constructing and utilizing structures, assigning varia...

This presentation covers a static analysis tool Semgrep and how it can be leveraged to find different vulnerabilities in a variety of languages. We initially presented “Automated Bug Hunting with Semgrep” at a local event in San Diego. Due to the positive…

Surprisingly often, implementations include functionality where user input is passed to dangerous functions like PHP’s eval() - despite clear warnings. Often, devs are somewhat aware of this danger and attempt to sanitize the input, but this approach …

Black Lotus Labs uncovered a zero-day exploit in Versa Director servers. Learn its impact on SD-WAN security and how to mitigate threats.

In just three Sunday afternoons, I discovered 14 CVEs - and you can too! CVE hunting is more accessible than many realise, and the methodology outlined here requires only a bit of coding knowledge.