Red Alert ICS CTF Review. Winning a black badge and breaking smart cities.

CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability and Indicators of Compromise

Protection against HTML smuggling attempts. Contribute to RootUp/SmuggleShield development by creating an account on GitHub.

Summary A vulnerability in LANCOM LCOS web interface (usually listening on port 443) allows a remote attacker to trigger a heap overflow in the service listening on this port. Credit An independent security researcher working with SSD Secure Disclosure Vendor…

Have you ever come across a laptop, server or desktop computer that has Full Device Encryption (FDE) and protected by a password/logon screen that you would like to hack into easily? Well Direct Memory Access (DMA) attacks can easily bypass these security…

(6 Months later CZAT 7 Server is offline or changed to another ip address , this post was written 6 months ago, published today 9/2/2024)

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

Hello, Hello, Aloooooooo. After some time away from coding I am here again talking about sleeping masks. Thanks to the great cybersec community there is always something to work on 😄
Last time in my blog I have talked how to hide a memory mapping (where in…

Legitimate emails with bad practices and an insecure website add insult to injury.

There's a need to address the common issues with Solidity static analyzers to reduce false positives and enhance security analysis.

Hacking Hackers - Even the software used by teams of offensive security professionals is prone to standard web application vulnerabilities.

FBI Director Chris Wray says the FBI has disrupted a group of hackers working at the direction of the Chinese government who targeted universities, government agencies and other organizations.

TL;DR I discovered a one-click account takeover vulnerability in a popular Indonesian Android app called Tokopedia . Th...

👻Stowaway -- Multi-hop Proxy Tool for pentesters. Contribute to ph4ntonn/Stowaway development by creating an account on GitHub.

MSSprinkler is a password spraying utility for organizations to test their Microsoft Online accounts from an external perspective. It employs a 'low-and-slow' approach to avoid lock...

Seezo provides context-specific security requirements to developers before they start coding

Intro Several months ago, I wrote a post about developing a secure chat in Rust using RSA and AES-CBC. Writing that post taught me a lot (like in this post, all of the crypto algorithms were implemented from scratch), but there were 2 major problems with…

Introduction to Security Class (BSY), FEL, Czech Technical University

I’ve recently been working on some exciting development projects, including a deep dive into archive extraction. During this work, I discovered some fascinating behaviours that I’m thrilled to share with you in the following sections.