In this paper I will reveal the discovery of wide-spread cases of request tunnelling in applications powered by popular servers including IIS, Azure Front Door and AWS' application load balancer including the creation of a novel detection technique that combined…

A fast domain and typosquatting discovery tool

The Legit research team unearthed vulnerabilities in GitLab Duo.

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Evertz SDVN. Learn about the risks and recommended actions.

Woodpecker is an open-source tool that automates red teaming, making advanced security testing easier and more accessible. It helps teams find and fix

Executive SummaryAnalyzing transmission control protocol (TCP) SYN segments,

How a solo inventor, a storage experiment, and a refusal to accept “encrypted” as good enough led to a new kind of data defense.

Introduction
In this guide, we’ll walk step-by-step through building a fully functional internal che...

EclecticIQ and Hudson Rock researchers assess that Bitter APT very likely used stolen email credentials from Pakistan’s Counter Terrorism Department (CTD) to carry out the attack. The spear phishing campaign targeted PTCL personnel in critical roles, including…

This talk will introduce the deguard utility, allowing to bypass Intel BootGuard and enabling coreboot development on previously locked down platforms.

Scan and exploit vulnerable web applications at scale with XAttacker V50 Pro — fast, reliable, and powerful.

Posted by Equivalent-Elk-712 - 8 votes and 2 comments

This questionnaire is part of a research study examining security vulnerabilities in edge computing environments and exploring Ethereum-based blockchain solutions to address these issues.
Your responses are anonymous and will be used solely for academic research…

"Stealth syscalls: Because life's too short to argue with an angry EDR!"
Discover how Stealth Syscall Execution bypasses ETW, Sysmon, and EDR detection. Learn advanced stealth techniques for red teaming in this cybersecurity blog.

Binary Security was previously rewarded for three Server-Side Request Forgery (SSRF) vulnerabilities in Azure DevOps, which you can read about here. Now we have found another SSRF vulnerability that we also reported to Microsoft. We then bypassed Microsoft’s…

Exploring Azure Arc’s overlooked C2aaS potential. Attacking and Defending against its usage and exploring usecases.

Discover how attackers exploit trusted wireless networks using rogue APs, wireless pivots, and legacy protocols to turn secure EAP-TLS deployments into invisible attack surfaces.

Cybersecurity isn’t always glamorous. Sometimes, it’s late nights at your desk, Burp Suite humming in the background, and your mom calling…

InterceptSuite is a tool I created to intercept and analyse network traffic in Windows applications, whether encrypted or not. Unlike…

Converting a Normal SanDisk USB into a Bad USB or Rubber Ducky