Background: Modern adversaries increasingly hide command-and-control (C2) traffic inside cloud services. We built this proof of concept…

Intercepting and analysing the traffic is one of the important parts of the pentest, whether it’s a mobile, web or desktop application. On…

Learn how to bypass TLS certificate validation on Linux using LD_PRELOAD for security research and debugging of embedded systems and native applications

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens via…

Exploiting the mechanism that automatically searches for additional executable files when Windows detects that the requested file does not exist

The ultimate device for pentesters and security enthusiasts. RF, NFC, BLE, and IoT analysis in one platform.

The human element continues to be cybersecurity’s weakest link. Despite organizations spending over $150 billion annually on security…

Worldcoin joins UTEC Peru to advance AMPC-driven quantum-secure technology to enhance privacy and academic validation for decentralized digital identity.

This class teaches Bluetooth reconnaissance & device identification using the Blue2thprinting software.

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

In my previous article, I introduced Hound, an open-source code auditing tool that models the cognitive and organizational processes of…

Binary Security spend a lot of time testing and securing CI/CD setups, especially GitHub Actions. In this two-part series we cover some of the many security considerations when using GitHub Actions, with a focus on securing your CI/CD pipeline against adversaries…

Exploiting vulnerability in the update mechanism of Windows Defender by using a symbolic link folder. Destroying or injecting code into Defender

Detect Suspicious/Malicious ICMP Echo Traffic Using Behavioral and Protocol Semantic Analysis Introduction With release version 2.0, we have added a new advanced detection module to PacketSmith, with the sole objective of scanning for suspicious/malicious…

The popular packages debug and chalk on npm have been compromised with malicious code

The Pentagon publicly posts the stream keys to its Facebook, YouTube, and X channels, exposing livestreams to account takeovers.

Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our advanced operating system security to provide industry-first…

At DefCon, Oligo Security revealed critical Apple CarPlay vulnerabilities, including CVE-2025-24132 in the AirPlay SDK. Learn how attackers exploit iAP2 and AirPlay to compromise connected cars, and why patching delays leave vehicles exposed.