In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever worked. The investigation began when an alert from a custom…

Discrepancies in how browsers and libraries handle HTTP cookies, and the problems caused by such things.

Making Udon a bit too flexible.

Learn how JWT libraries prevent algorithm confusion attacks and key lessons for improving security code reviews through effective practices and safeguards. A must-read for code reviewers and security engineers

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

Presentation on the vulnerability research conducted on VirtualBox for Pwn2Own Vancouver 2024.

Setting up the environment + Hello World Inspecting and tampering HTTP requests and responses Inspecting and tampering WebSocket messages Creating […]

Brainstorm is a new, smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery

AmberWolf Security Research Blog

I recently fiddled around with Window’s built-in command nltest and noticed that nltest /user:<username>, when executed as an Administrator, yields some interesting information about the requested user:
The two fields LmOwfPassword and NtOwfPassword spiked…

This new technique mimics a cracked screen that is a result of a fake virus infection as visible in the video below

Summary A vulnerability in the ksthunk.sys CKSAutomationThunk::ThunkEnableEventIrp allows a local attacker to exploit an Integer Overflow vulnerability which can then be used to gain elevated privileges in the Windows operating system. The exploit was successfully…

Ghidra, developed by the NSA, is a powerful reverse engineering tool known for its versatility. One standout feature is its ability to…

Our USB Dead Man Switch can now be purchased in-person at NovaCustom's brick-and-mortar location in The Netherlands.

This page is a collection of my security research, and other infosec-related activities.

Discover how fuzzing can identify critical vulnerabilities in native Android components, strengthening device security.