After spending many years working in information security, as a consultant, I've had the chance to audit a multitude of different systems invented and developed by many different people. While there is a lot to say about that, the focus of this article is…

This the Webinar: "The 1-Year Roadmap To Master Malware Analysis, Triple Your Salary Or Be The Star Of Your Response Team, Without Getting a New Certificate or Programming Skills"

1 vote and 0 comments so far on Reddit

Perception Point’s platform recently intercepted an attack leveraging the BYOB framework. This is the first time the BYOB framework is seen being used for fraudulent activity in the wild.

Finding and exploiting open instances of SickRage/SickChill.

Positive Hack Days is a unique global event. It is the only event which brings together the elite of the hackers' world, leaders of the information security industry and representatives of the Internet community to cooperate in addressing burning information…

A Chrome extension is stealing your credit card details with you knowing, do you have it installed on your device?

Abstract Content-Security Policy (CSP) is one of the most vital protection layers in client-side web security. A strict policy should n...

2 votes and 0 comments so far on Reddit

7 votes and 0 comments so far on Reddit

A small Bash utility used for pivoting into internal networks upon compromising a public-facing host. - itsKindred/PortPush

Welcome to CypherCon 4.0 (2019), Wisconsin’s Hacker Conference! Our conference provides hackers with an outlet to openly demonstrate and experience creativity and ingenuity through hands-on enlightening activities and thought provoking presentations and technical…

Quick Summary Hey guys Today SecNotes retired. SecNotes was a very nice box and I really liked that it mixed between windows and linux , and that’s because it was a windows box and it had windows subsystem for linux (WSL) installed.It was relatively easy.…

Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE Introduction and motivation How wireless device works and starts up Interaction between Wi-Fi SoC and driver Firmware analysis Static firmware file analysis…

At Real World Crypto 2019, Mihir Bellare won the Levchin Prize (along with Eric Rescorla) and gave a short and inspiring speech. You can watch it here. In it, he briefly mentioned what I'll call the speed issue:

when I started it was a question of being…

For my vulnserver TRUN exploit, I decided to use a three byte overwrite to jump to EAX. Three Byte Overwrite (Vulnserver TRUN) - Introduction As I mentioned in my earlier post, I am going through vulnserver for OSCE/binary exploitation practice. … Continue…

Hackers are using more sophisticated methods to target journalists, including those who use two-step authentication (2FA)....

IDAPython tool for creating automatic C++ virtual tables in IDA Pro - 0xgalz/Virtuailor

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555 - fs0c131y/CVE-2018-20555