This guide shows you how to set up a headless Pi-Tail, controlled entirely from your smartphone via SSH or VNC. This compact and cost-effective setup is perfect for on-the-go Wi-Fi pentesting, network scanning, and vulnerability assessments.

Following the publication of my blog post A Practical Guide to PrintNightmare in 2024, a few people brought to my attention that there was a way to bypass the Point and Print (PnP) restrictions recommended at the end. So, rather than just updating this article…

Learning how to use the most popular complex functions of Trusted Platform Modules (TPMs)

Hacking Windows through iTunes  - Local Privilege Escalation 0-day - mbog14/CVE-2024-44193

elttam is a globally recognised, independent information security company, renowned for our advanced technical security assessments.

Docker Zombie Layers are unreferenced image layers that continue to exist for weeks in registries, even after being removed from a manifest. In this hands-on deep dive, we explore how these layers can persist in registries and why ensuring the immediate revocation…

a kubernetes-native threat detection system

The NHI Index is a centralized resource for understanding, managing, and securing Non-Human Identities like API keys, tokens, secrets, and service accounts. Explore mapping of 360+ NHIs and access essential resources to enhance security.

Using default version 1 certificate templates, an attacker can exploit a vulnerability (EKUwu) to generate certificates that bypass security controls,…

Today, we are releasing the details of CVE-2024-37404, a zero-day vulnerability in the Ivanti Connect Secure product. This vulnerability allows an authenticated administrator to execute arbitrary code with `root` privileges on the underlying system.

This blog post showcases why fundamental code security is essential for an application despite all hardening measures applied in the underlying infrastructure.

In the previous part of the […]

Authors: Louis Hackländer-Jansen

Technical analysis and indicators of compromise for Palo Alto Expedition CVE-2024-5910, CVE-2024-9464, CVE-2024-9465, and CVE-2024-9466 leading to system compromise and credential exposure.

r-tec recently analysed an Axis IP Camera of the model F9111 in a penetrationtest for one of our customers.

Purple Teaming and Detection Engineering even though that as a concept exist in the information security industry for years lack of specific standardization, models and metrics. The absence of dedi…

I unveil a new post exploit attack vector that allows devastating ransomware attacks on compromised AWS account along with preventive…

Java Android Magisk Burp Objection Root Emulator Easy (JAMBOREE) - freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy