CVE-2023-28324 Ivanti Endpoint Manager AgentPortal Improper Input Validation Remote Code Execution Vulnerability.

Uncover how deserialization attacks work with real-world example and learn how to mitigate their risks.

Cracking the simple encryption scheme used by Genesis Market to hunt for malicious browser extensions

In this article, we will learn that using PowerShell's CLIXML deserialization could lead to undesired effects, including remote code execution.

This blog post shows how a user with Reader-level access to an Azure API Management resource actually had the equivalent of Contributor-level access, allowing the user to read, modify and even delete configurations of the resource via the Direct Management…

In recent July Patch Tuesday Microsoft patched a vulnerability in the Microsoft Kernel driver appid.sys, which is the central driver behind AppLocker, the application whitelisting technology built into Windows.

Red Alert ICS CTF Review. Winning a black badge and breaking smart cities.

CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability and Indicators of Compromise

Protection against HTML smuggling attempts. Contribute to RootUp/SmuggleShield development by creating an account on GitHub.

Summary A vulnerability in LANCOM LCOS web interface (usually listening on port 443) allows a remote attacker to trigger a heap overflow in the service listening on this port. Credit An independent security researcher working with SSD Secure Disclosure Vendor…

Have you ever come across a laptop, server or desktop computer that has Full Device Encryption (FDE) and protected by a password/logon screen that you would like to hack into easily? Well Direct Memory Access (DMA) attacks can easily bypass these security…

(6 Months later CZAT 7 Server is offline or changed to another ip address , this post was written 6 months ago, published today 9/2/2024)

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

Hello, Hello, Aloooooooo. After some time away from coding I am here again talking about sleeping masks. Thanks to the great cybersec community there is always something to work on 😄
Last time in my blog I have talked how to hide a memory mapping (where in…

Legitimate emails with bad practices and an insecure website add insult to injury.

There's a need to address the common issues with Solidity static analyzers to reduce false positives and enhance security analysis.

Hacking Hackers - Even the software used by teams of offensive security professionals is prone to standard web application vulnerabilities.

FBI Director Chris Wray says the FBI has disrupted a group of hackers working at the direction of the Chinese government who targeted universities, government agencies and other organizations.

TL;DR I discovered a one-click account takeover vulnerability in a popular Indonesian Android app called Tokopedia . Th...