Quick Summary Hey guys today Chaos retired and here’s my write-up about it. Chaos was a CTF-style machine, I can’t say that it simulated a real life situation. I had fun solving this box, some steps were straightforward others were very tricky. About main…

The Australian Cyber Security Centre (ACSC) is aware of a security incident affecting the Australian online design platform, Canva.

Unpacking and reverse engineering of Bitmain AntMiner Z11 firmware.

Malware has been using unicode since time ago, to hide / obfuscate urls, filenames, noscripts, etc... Right-to-left Override character (e2 80 ...

On the last day of 2018, I discovered a type confusion vulnerability in Internet Explorer that yields a clean write-what-where primitive. It patched this April as CVE-2019-0752 . As an exercise, I wrote a full exploit for this vulnerability using an original…

I have recently joined a startup and have been a part of their InfoSec team. Recently this thought popped up in my mind that I should…

Over the last few weeks, I’ve had conversations with several individuals around mitigating lateral movement in a Windows environment. In…

A while ago I started a project for managing real-word web honeypots. I initially built it to manage some WordPress honeypots but after…

Tool to extract Kerberos tickets from Linux kernel keys. - TarlogicSecurity/tickey

0 votes and 1 comment so far on Reddit

I’ve written a couple of times on the subject of boot loaders and full disk encryption, but I haven’t really explored it in more detail. With this blog post I hope to dive a bit deeper …

Password Breach Hunting and Email OSINT locally or using premium services. Supports chasing down related email - khast3x/h8mail

Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX

Sample pentest report provided by TCM Security. Contribute to hmaverickadams/TCM-Security-Sample-Pentest-Report development by creating an account on GitHub.

0 votes and 0 comments so far on Reddit

In this blog post we will walk through how throwing 160 distributed CPUs at a fuzzing target that takes initially one year of CPU time can shorten the fuzzing time substantially. Also we will share test-cases where throwing more CPUs … Read More

By extending cloud infrastructure security left to development and testing phases, we can have a high degree of certainty that the production environment meets policy when deployed.

fatt /fingerprintAllTheThings - a pyshark based noscript for extracting network metadata and fingerprints from pcap files and live network traffic - 0x4D31/fatt

One malicious campaign used false articles about Drake and the Weeknd to promote casinos.

Microsoft announced a vulnerability in it's "Remote Desktop" product that can lead to robust, wormable exploits. I scanned the Internet to a...

Finding valuable data during post-exploitation can be a challenge. Leprechaun helps solve this problem.