Learning how to use the most popular complex functions of Trusted Platform Modules (TPMs)

Hacking Windows through iTunes  - Local Privilege Escalation 0-day - mbog14/CVE-2024-44193

elttam is a globally recognised, independent information security company, renowned for our advanced technical security assessments.

Docker Zombie Layers are unreferenced image layers that continue to exist for weeks in registries, even after being removed from a manifest. In this hands-on deep dive, we explore how these layers can persist in registries and why ensuring the immediate revocation…

a kubernetes-native threat detection system

The NHI Index is a centralized resource for understanding, managing, and securing Non-Human Identities like API keys, tokens, secrets, and service accounts. Explore mapping of 360+ NHIs and access essential resources to enhance security.

Using default version 1 certificate templates, an attacker can exploit a vulnerability (EKUwu) to generate certificates that bypass security controls,…

Today, we are releasing the details of CVE-2024-37404, a zero-day vulnerability in the Ivanti Connect Secure product. This vulnerability allows an authenticated administrator to execute arbitrary code with `root` privileges on the underlying system.

This blog post showcases why fundamental code security is essential for an application despite all hardening measures applied in the underlying infrastructure.

In the previous part of the […]

Authors: Louis Hackländer-Jansen

Technical analysis and indicators of compromise for Palo Alto Expedition CVE-2024-5910, CVE-2024-9464, CVE-2024-9465, and CVE-2024-9466 leading to system compromise and credential exposure.

r-tec recently analysed an Axis IP Camera of the model F9111 in a penetrationtest for one of our customers.

Purple Teaming and Detection Engineering even though that as a concept exist in the information security industry for years lack of specific standardization, models and metrics. The absence of dedi…

I unveil a new post exploit attack vector that allows devastating ransomware attacks on compromised AWS account along with preventive…

Java Android Magisk Burp Objection Root Emulator Easy (JAMBOREE) - freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy

CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT). - doyensec/CSPTPlayground

1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies - zendesk.md

Khám phá top 10+ nhà cái uy tín được kiểm định và xác thực 100% từ các chuyên gia cá cược, đảm bảo trải nghiệm cá cược tốt nhất cho người chơi