Technical blog by Stephan Berger (@malmoeb)

Cybercriminals continue to exploit unsuspecting users through cleverly crafted phishing campaigns. Recently, I encountered a forwarded message in a WhatsApp group that immediately raised suspicion.…

This week, we identified an intriguing use case involving the WP3[.]XYZ attack (link to our blog post). It sparked interest across the community and led to better detection rates on platforms like VirusTotal (VirusTotal link).

While most appreciated our…

Posted by stan_frbd - 5 votes and 0 comments

I’ve been reversing Black Ops Cold War for a while now, and I’ve finally decided to share my research regarding the user-mode anti-cheat inside the game. It’s not my intention to shame or promote cheating/bypassing of the anti-cheat, so I’ve redacted a few…

Because we can!

Floats in C are weird. Floating point number rounding and NaN shenanigans to bypass security protections.

Azure DevOps is important to many organizations. Pivoting from a stolen session to DevOps access is closer than you think.

promptmap2 is a vulnerability scanning tool that automatically tests prompt injection attacks on your custom LLM applications

In this post, I will introduce the "cookie sandwich" technique which lets you bypass the HttpOnly flag on certain servers. This research follows on from Bypassing WAFs with the phantom $Version cookie

Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local artifacts in Sonatype Nexus and JFrog Artifactory.

Are you like me, struggling to get your head around terms like symmetric encryption, asymmetric encryption, public key, private key…

Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform - research.md

The Oligo research team has discovered a critical vulnerability in meta-llama, an open source framework from Meta for building and deploying GenAI applications.

On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK admin panel that gave us unrestricted access to all vehicles and customer accounts in the United States, Canada, and Japan.

Yesterday we discovered another client-side JavaScript attack targeting +500 websites, including governments and universities. The injected noscripts create hidden links in the Document Object Model (DOM), pointing to external websites, a programming interface…

Learn how to build effective harnesses for fuzzing native libraries on Android. Explore techniques and strategies to uncover vulnerabilities

WinVisor is a hypervisor-based emulator for Windows x64 user-mode executables that leverages the Windows Hypervisor Platform API to provide a virtualized environment for logging syscalls and enabling memory introspection.

In this blog post, we’ll walk through the process of enumerating and exploiting a vulnerable machine named silver platter as part of a…

Accuracy, Coverage & Integration: A Comprehensive Benchmark for Modern SAST Tools