The first argument of a program’s command line, typically reflecting the program’s name/path and often referred to as argv[0], can in most cases be set to an arbitrary value without affecting the process’ flow. Making the case against argv[0], this post demonstrates…

Leaders in Information Security

Discover how to identify and exploit misconfigured AWS IAM roles using GitLab OIDC, with a detailed, step-by-step guide.

Download the Writeup Illustration Romain Flamand – Flamingo Studio – flamandromain@gmail.com Abstract Secure elements are small microcontrollers whose main purpose is to generate/store secrets and then execute cryptographic operations. They undergo the highest…

JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment.…

The EUCLEAK attack allows attackers to steal private keys with just minutes of physical access and bypassing crucial secure hardware attestation protocols.

Analysis of CVE-2024-30078, a Windows Wi-Fi driver vulnerability. Detailed root cause analysis and exploitation constraints.

In software development, CI/CD practices are now standard, helping to move code quickly and efficiently from development to production. Azure DevOps, previously known as Team Foundation Server...

Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX

Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given it's somewhat 'privileged position' in the storage world of most enterprise's networks. There's…

Good day!

In this post we describe an analysis of the security patches introducted by GitHub Enterprise Server (GHES) release 3.11.3.

Long time no see! After 3 years of no new blog posts and also no conference talks from my side, I decided it’s time to write again. I’ll start easy with a fun story that happened a while …

URGENT: Critical security advisory for Kibana users. Update to version 8.15.1 now to mitigate vulnerabilities CVE-2024-37288 and CVE-2024-37285.

Modern web browsers have the capability to store web application based credentials of users in an encrypted format. This functionality has been seen as a security improvement towards the password h…

As the second Tuesday of September 2024 approaches, SAP administrators and security professionals are preparing for another crucial event: SAP Security Patch Day. This month’s release addresses several vulnerabilities across various SAP products and components…

Learn how threat actors can exploit SQL Server credential objects to escalate domain privileges and how you can detect it.