Have you ever come across a laptop, server or desktop computer that has Full Device Encryption (FDE) and protected by a password/logon screen that you would like to hack into easily? Well Direct Memory Access (DMA) attacks can easily bypass these security…

(6 Months later CZAT 7 Server is offline or changed to another ip address , this post was written 6 months ago, published today 9/2/2024)

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

Hello, Hello, Aloooooooo. After some time away from coding I am here again talking about sleeping masks. Thanks to the great cybersec community there is always something to work on 😄
Last time in my blog I have talked how to hide a memory mapping (where in…

Legitimate emails with bad practices and an insecure website add insult to injury.

There's a need to address the common issues with Solidity static analyzers to reduce false positives and enhance security analysis.

Hacking Hackers - Even the software used by teams of offensive security professionals is prone to standard web application vulnerabilities.

FBI Director Chris Wray says the FBI has disrupted a group of hackers working at the direction of the Chinese government who targeted universities, government agencies and other organizations.

TL;DR I discovered a one-click account takeover vulnerability in a popular Indonesian Android app called Tokopedia . Th...

👻Stowaway -- Multi-hop Proxy Tool for pentesters. Contribute to ph4ntonn/Stowaway development by creating an account on GitHub.

MSSprinkler is a password spraying utility for organizations to test their Microsoft Online accounts from an external perspective. It employs a 'low-and-slow' approach to avoid lock...

Seezo provides context-specific security requirements to developers before they start coding

Intro Several months ago, I wrote a post about developing a secure chat in Rust using RSA and AES-CBC. Writing that post taught me a lot (like in this post, all of the crypto algorithms were implemented from scratch), but there were 2 major problems with…

Introduction to Security Class (BSY), FEL, Czech Technical University

I’ve recently been working on some exciting development projects, including a deep dive into archive extraction. During this work, I discovered some fascinating behaviours that I’m thrilled to share with you in the following sections.

In this post, we demonstrate two techniques allowing a low privileged user to escalate their privileges to root in case they can run iptables and/or iptables-save as

A writeup of my $4133.70 Google Drive vulnerability chain.

a post going over 4 exploits for CVE-2024-20017, a remotely exploitable buffer overflow in a component of the MediaTek MT7622 SDK.