This class teaches Bluetooth reconnaissance & device identification using the Blue2thprinting software.

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

In my previous article, I introduced Hound, an open-source code auditing tool that models the cognitive and organizational processes of…

Binary Security spend a lot of time testing and securing CI/CD setups, especially GitHub Actions. In this two-part series we cover some of the many security considerations when using GitHub Actions, with a focus on securing your CI/CD pipeline against adversaries…

Exploiting vulnerability in the update mechanism of Windows Defender by using a symbolic link folder. Destroying or injecting code into Defender

Detect Suspicious/Malicious ICMP Echo Traffic Using Behavioral and Protocol Semantic Analysis Introduction With release version 2.0, we have added a new advanced detection module to PacketSmith, with the sole objective of scanning for suspicious/malicious…

The popular packages debug and chalk on npm have been compromised with malicious code

The Pentagon publicly posts the stream keys to its Facebook, YouTube, and X channels, exposing livestreams to account takeovers.

Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our advanced operating system security to provide industry-first…

At DefCon, Oligo Security revealed critical Apple CarPlay vulnerabilities, including CVE-2025-24132 in the AirPlay SDK. Learn how attackers exploit iAP2 and AirPlay to compromise connected cars, and why patching delays leave vehicles exposed.

I learn about cryptographic vulnerabilities all the time, and they generally fill me with some combination of jealousy (“oh, why didn’t I think of that”) or else they impress me w…

Key Takeaways The intrusion began when a user downloaded and executed a malicious file impersonating DeskSoft’s EarthTime application but instead dropped SectopRAT malware. The threat actor d…

We’re back - it’s a day, in a month, in a year - and once again, something has happened.

In this week’s episode of “the Internet is made of string and there is literally no evidence to suggest otherwise”, we present even further evidence that as a

Posted by Hakyza - 11 votes and 1 comment

Permiso launches Inboxfuscation, an open-source tool enabling organizations to detect Unicode-obfuscated Microsoft Exchange inbox rules and secure Microsoft 365.

Bidding farewell to one of the last kernel address leaks, CVE-2025-53136. Even patches can open new doors for exploitation.

Hello folks,