In this part we show how to automatically resolve all WinAPI calls in malicious code dump of LockPoS Point-of-Sale malware. Instead of manually reconstructing a corrupted Import Address Table we simply extract a target portion of code in the research database…

Utilities for MITRE™ ATT&CK. Contribute to nshalabi/ATTACK-Tools development by creating an account on GitHub.

tl;dr: With the tool nmap-parse-output you can convert, manipulate or extract data from a Nmap/masscan scan output. This allows you to get the information you're looking for by just entering a straightforward command.
Preamble
A while ago, we had to scan…

St2-057 Poc Example. Contribute to jas502n/St2-057 development by creating an account on GitHub.

Currently playing: NetSec I - 04. WiFi basics and security

This is the second part of the "Reverse Engineering iOS Apps - iOS 11 Edition" series. In the first part of the series we learned how to setup your phone on iOS 11 and how to decrypt an iOS app. In this second and final part we'll learn how to:

Learn about the Struts2 Remote Code Execution vulnerability CVE-2018-11776, how to exploit and how to create a Proof of Concept (POC) with docker.

Raxis COO, Bonnie Smyre, wrote a guest blog post on "What Nonprofits Need to Know about Assessing Security Risk" for the NTEN Nonprofit Technology Network.

Search and download free and open-source threat intelligence feeds with threatfeeds.io.

0 votes and 0 comments so far on Reddit

This blog post documents how to use Microsoft.Workflow.Compiler.exe and the Veil Framework's output to receive a Cobalt Strike beacon.

This post will detail the steps I took to find a path traversal vulnerability, and how I paired the vulnerability with the logic of the application to achieve Remote Code Execution through a shell …

Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.

Beacon analysis is by far the most effective method of threat hunting your network. In fact, I would argue that if you are not checking your network for beacon activity, you have a huge gap in your defenses that attackers will happily leverage. In this two…

Oracle fixed some of the issues I reported in VirtualBox during the Oracle Critical Patch Update - April 2018. CVE-2018-2844 was an inter...

This blogpost will talk about the analysis of a new password stealer named AcridRain and its different updates during the last 2 months. Introduction AcridRain is a new password stealer written in C/C++ that showed up on forums around the 11th of July 2018.…

Despite the fact I am fairly active on the various bug bounty platforms, I usually don’t blog around my activities or promote myself for…

Repo for random stuff. Contribute to SandboxEscaper/randomrepo development by creating an account on GitHub.