Reverse Engineering: I discovered a serious Remote Code Execution (RCE) vulnerability in a popular game that could let attackers run code on your PC. Watch how I found it, reported it, and what you can do to stay safe.

In July 2024, we identified a vulnerability that resulted in access to millions of live customer support messages for organizations using Cisco Webex Connect.

TLDR: SlackPirate has been defunct for a few years due to a breaking change in how the Slack client interacts with the Slack API. It has a…

How I tracked myself down using leaked location data in the in-app ads, and what I found along the way.

The SLAP and FLOP Address and Value Prediction Attacks

Research on Kubernetes policy enforcement risks and how misconfigurations in seemingly secure rules like OPA Gatekeeper enable bypassing.

We provide around-the-clock threat detection and incident response, backed by expert consulting to keep your organization secure.

Utilizing the new technique of Path Masquerading to spoof malicious processes to closely resemble those of antivirus/EDR programs.

Surprise surprise, we've done it again. We've demonstrated an ability to compromise significantly sensitive networks, including governments, militaries, space agencies, cyber security companies, supply chains, software development systems and environments…

Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year

The career platform for coders, builders, hackers and makers.

Our team hacks space heater firmware updates over wifi in the latest Include Security blog post. We break down, literally and figuratively, each step of the attack to demonstrate how anonymous users on the same wireless network as an affected space heater…

Trigger warning: incredibly wonky theoretical cryptography post (written by a non-theorist)! Also, this will be in two parts. I plan to be back with some more thoughts on practical stuff, like clou…

Trigger warning: incredibly wonky theoretical cryptography post (written by a non-theorist)! Also, this will be in two parts. I plan to be back with some more thoughts on practical stuff, like clou…

Generate obfuscated command-line arguments for common system-native executables now with ArgFuscator.

This is the second part of a two three four-part series, which covers some recent results on “verifiable computation” and possible pitfalls that could occur there. This post won’t…

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

Introduction At the start of 2025, on Jan­u­ary 14th, Mi­crosoft re­leased over 20+ CVEs ad­dress­ing Re­mote Code Ex­e­cu­tion (RCE) vul­ner­a­bil­i­ties in Mi­crosoft Tele­pho­ny Ser­vices,...

🔐 A CLI tool to extract server certificates. Contribute to Hakky54/certificate-ripper development by creating an account on GitHub.