Setting up the environment + Hello World Inspecting and tampering HTTP requests and responses Inspecting and tampering WebSocket messages Creating […]

Brainstorm is a new, smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery

AmberWolf Security Research Blog

I recently fiddled around with Window’s built-in command nltest and noticed that nltest /user:<username>, when executed as an Administrator, yields some interesting information about the requested user:
The two fields LmOwfPassword and NtOwfPassword spiked…

This new technique mimics a cracked screen that is a result of a fake virus infection as visible in the video below

Summary A vulnerability in the ksthunk.sys CKSAutomationThunk::ThunkEnableEventIrp allows a local attacker to exploit an Integer Overflow vulnerability which can then be used to gain elevated privileges in the Windows operating system. The exploit was successfully…

Ghidra, developed by the NSA, is a powerful reverse engineering tool known for its versatility. One standout feature is its ability to…

Our USB Dead Man Switch can now be purchased in-person at NovaCustom's brick-and-mortar location in The Netherlands.

This page is a collection of my security research, and other infosec-related activities.

Discover how fuzzing can identify critical vulnerabilities in native Android components, strengthening device security.

Note: This is part of my @vr_progress journal. Also, subscribe to my new @SideQuest_256 channel and I might post videos about the Android journey too :D This is a story about how I wasted my weekend over a bug that was categorized as a High/EoP but then couldn’t…

Background

On November 18, 2024, Palo Alto Networks announced the discovery of two critical vulnerabilities, CVE-2024-0012 and CVE-2024-9474, in the operating system that powers their firewall devices. The following day, watchTowr published a report detailing…

Tools for controlling webcam LED on ThinkPad X230. Contribute to xairy/lights-out development by creating an account on GitHub.

Microsoft SQL Server has been found to treat a goblin emoji as equivalent to an empty string, potentially leading to security vulnerabilities in applications that utilize it.

TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

Captchas, Monero, Scams and absolutely no JavaScript

UNCONFIRMED (nobody) in CA Program - CA Certificate Compliance. Last updated 2024-12-01.