Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

Hello, Hello, Aloooooooo. After some time away from coding I am here again talking about sleeping masks. Thanks to the great cybersec community there is always something to work on 😄
Last time in my blog I have talked how to hide a memory mapping (where in…

Legitimate emails with bad practices and an insecure website add insult to injury.

There's a need to address the common issues with Solidity static analyzers to reduce false positives and enhance security analysis.

Hacking Hackers - Even the software used by teams of offensive security professionals is prone to standard web application vulnerabilities.

FBI Director Chris Wray says the FBI has disrupted a group of hackers working at the direction of the Chinese government who targeted universities, government agencies and other organizations.

TL;DR I discovered a one-click account takeover vulnerability in a popular Indonesian Android app called Tokopedia . Th...

👻Stowaway -- Multi-hop Proxy Tool for pentesters. Contribute to ph4ntonn/Stowaway development by creating an account on GitHub.

MSSprinkler is a password spraying utility for organizations to test their Microsoft Online accounts from an external perspective. It employs a 'low-and-slow' approach to avoid lock...

Seezo provides context-specific security requirements to developers before they start coding

Intro Several months ago, I wrote a post about developing a secure chat in Rust using RSA and AES-CBC. Writing that post taught me a lot (like in this post, all of the crypto algorithms were implemented from scratch), but there were 2 major problems with…

Introduction to Security Class (BSY), FEL, Czech Technical University

I’ve recently been working on some exciting development projects, including a deep dive into archive extraction. During this work, I discovered some fascinating behaviours that I’m thrilled to share with you in the following sections.

In this post, we demonstrate two techniques allowing a low privileged user to escalate their privileges to root in case they can run iptables and/or iptables-save as

A writeup of my $4133.70 Google Drive vulnerability chain.

a post going over 4 exploits for CVE-2024-20017, a remotely exploitable buffer overflow in a component of the MediaTek MT7622 SDK.

Create tar/zip archives that try to exploit zipslip vulnerability. - nodyhub/zipslipper

Introduction Every company establishes processes to identify security vulnerabilities, prioritize them, develop solutions, and, in some cases, strategically accept risk either temporarily or permanently. Security exceptions are closely tied to vulnerability…