A processor is not a trusted black box for running code; on the contrary, modern x86 chips are packed full of secret instructions and hardware bugs. In this talk, we'll demonstrate how page fault analysis and some creative processor fuzzing can be used to…

A blog about general reverse engineering, security research, poking around Windows internals, and messing with the Intel x86/AMD64 architecture.

Hi,

I just discovered that there's a scenario where the Marketo Forms solution being used on www.hackerone.com can actually be abused, using a few fun techniques, to trigger an XSS in the...

Hackers are scanning the Internet for sites using Adminers. If your site uses temporary maintenance or admin noscripts, learn how you can minimize the risks.

0 points and 0 comments so far on reddit

An unknown hacker has stolen personal details of 6 million "High-Profile" Instagram account and made it available for sale on a website, called Doxagram

Whether Vendors Patch Their Products or Not, We Have Your Back by Mitja Kolsek, the 0patch Team Three days ago, Cisco Talos published a...

6 points and 1 comments so far on reddit

Researchers at FortiGaurd had discrovered a new Power Point Presentation File named "ADVANCED DIPLOMATIC PROTOCOL AND ETIQUETTE SUMMIT.ppsx" spreading via E Mail targeting UN agencies, Foreign Ministries, International Organizations, and those who interact…

While both the SYSTEM_ALERT_WINDOW and the BIND_ACCESSIBILITY_SERVICE Android permissions have been abused individually (e.g., in UI redressing attacks, accessibility attacks), previous attacks based on these permissions failed to completely control the UI…

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing…

Hi Readers, This article is about Burp Suite Macros which helps us in automating efforts of manual input payload fuzzing. While it may be known to many testers, this article is written for those who are yet to harness the power of burp suite’s macro automation.…

Why Flash Security still matters? Flash is still an active threat. In 2017, I reported Flash vulnerabilities to Facebook, Youtube, Wordpress, Yahoo, Paypal and Stripe. Over the last 3 years, I reported more than 50 Flash vulnerabilities to Bug Bounty programs…

In this part of the series we'll focus on exploiting a simple binary. radare2 has many features which will help us in exploitation, such as...

If you or a loved one has a pacemaker, you need to read this.  On August 29, 2017, the FDA issued a recall for Abbott’s (formerly St. Jude Medical’s) Implantable Cardiac Pacemakers.  Th…

Taringa, also called as "The Latin American Reddit", have been breached and over 28 Million users login details are exposed in the massive data breach

 Introduction When evidence of the problems described in this report were first noticed, it almost seemed hard to believe. However, for those familiar with the technical history of Arris and their careless lingering of hardcoded accounts on their products…

A walkthrough of Kioptrix: Level 1 from VulnHub. This is the first vm in the Kioptrix series. More to come!

CSS-in-JS is a bit like eval for CSS. It is incredibly powerful, but it also makes it easy to shoot yourself in the foot.