WINspect is part of a larger project for auditing different areas of Windows environments. It focuses on enumerating different parts of a...

Somewhat incredibly I am the first tech writer on the planet to break this story, but even more incredibly the FCC lets you upload any file…

Vault 7 is a series of documents and tools released by WikiLeaks, that gives information about detailed activities and capabilities of the US CIA to perform spying and cyber warfare. Today, 31 August 2017, Wikileaks

A processor is not a trusted black box for running code; on the contrary, modern x86 chips are packed full of secret instructions and hardware bugs. In this talk, we'll demonstrate how page fault analysis and some creative processor fuzzing can be used to…

A blog about general reverse engineering, security research, poking around Windows internals, and messing with the Intel x86/AMD64 architecture.

Hi,

I just discovered that there's a scenario where the Marketo Forms solution being used on www.hackerone.com can actually be abused, using a few fun techniques, to trigger an XSS in the...

Hackers are scanning the Internet for sites using Adminers. If your site uses temporary maintenance or admin noscripts, learn how you can minimize the risks.

0 points and 0 comments so far on reddit

An unknown hacker has stolen personal details of 6 million "High-Profile" Instagram account and made it available for sale on a website, called Doxagram

Whether Vendors Patch Their Products or Not, We Have Your Back by Mitja Kolsek, the 0patch Team Three days ago, Cisco Talos published a...

6 points and 1 comments so far on reddit

Researchers at FortiGaurd had discrovered a new Power Point Presentation File named "ADVANCED DIPLOMATIC PROTOCOL AND ETIQUETTE SUMMIT.ppsx" spreading via E Mail targeting UN agencies, Foreign Ministries, International Organizations, and those who interact…

While both the SYSTEM_ALERT_WINDOW and the BIND_ACCESSIBILITY_SERVICE Android permissions have been abused individually (e.g., in UI redressing attacks, accessibility attacks), previous attacks based on these permissions failed to completely control the UI…

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing…

Hi Readers, This article is about Burp Suite Macros which helps us in automating efforts of manual input payload fuzzing. While it may be known to many testers, this article is written for those who are yet to harness the power of burp suite’s macro automation.…

Why Flash Security still matters? Flash is still an active threat. In 2017, I reported Flash vulnerabilities to Facebook, Youtube, Wordpress, Yahoo, Paypal and Stripe. Over the last 3 years, I reported more than 50 Flash vulnerabilities to Bug Bounty programs…

In this part of the series we'll focus on exploiting a simple binary. radare2 has many features which will help us in exploitation, such as...