​To continue our journey in the realm of bypassing UAC (see previous work here ), we’ve decided to investigate Windows Server 2019. Please note this blog post is not a UAC primer but if you need...

A quick walkthrough of the setup required to exploit a CSRF vulnerability on a JSON endpoint using a third party attacker controlled…

The security of our network is of paramount concern to us, thus we are starting a series of posts that discuss our robust design. For a…

Remote Code Execution Techniques and more.

Dynamically finding the Win95 kernel32.dll base address and exported APIs.

0 votes and 0 comments so far on Reddit

For Educational Purposes Only! Intended for Hackers Penetration testers. Issue The algorithm HS256 uses the secret key to sign and verify each message. The...

Nowadays, logs collection for security monitoring is about indexing, searching and datalakes; this is why at NVISO we use Elasticsearch for our threat hunting activities. Collecting, aggregating an…

At BlackHat Asia we released Evil Clippy, a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code (via p-code) and confuse popular macro analysis tools.…

0 votes and 0 comments so far on Reddit

We wrote a cryptography library entirely in PHP to make your WordPress site secure against supply-chain attacks.

Two days ago, May 5 of the year 2019 we saw a peculiar BGP outage, affecting autonomous systems in the customer cone of one very specific AS with the number 721...

Random CSGO stuff. Contribute to kkthxbye-code/csgo_bugs development by creating an account on GitHub.

command="/usr/local/bin/honeykey kulinacs@honeypot",restrict ssh-rsa AAAAB3NzaCB6iakD kulinacs@honeypot

HostHunter a recon tool for discovering hostnames using OSINT techniques. - SpiderLabs/HostHunter

Ransomware is not a new form of attack, but GandCrab has upgraded it to be more dynamic and harder to resolve.

Phrack staff website.