How we built our service encryption infrastructure to optimize for operability and performance, while satisfying the right security model for each service.

I lost north of $100,000 last Wednesday. It evaporated over a 24 hour timespan in a “SIM port attack” that drained my Coinbase account.

The story of a major hash table vulnerability, and how it took a decade to uncover and resolve.

The purpose of this post is to share how one would use a debugger to identify the relevant code path that can trigger the crash. I hope…

0 votes and 3 comments so far on Reddit

Hey 0x00ers! I’m so sorry that it’s been such a long time since I’ve dropped an article here! I’ve been writing for my current company navisec.io @ delta.navisec.io and I’ve not had the chance to drop a good article for 0x00sec for a little while. Today…

Reversing using IDA Pro and inject shellcode with Python

Proof of concept for CVE-2019-0708. Contribute to Ekultek/BlueKeep development by creating an account on GitHub.

How a failing red-team engagement led us to find a silly zero day. And why “insecure by default” is still an issue in 2019.

I recently wrote a CTF challenge for my coworkers. The challenge was written using WebAssembly (WASM), a language I initially knew nothing about. I found the language specification and various API…

CoreOs rkt contains 3 new unpatched CVEs,

A vulnerability in all versions of the Docker platform can give an attacker full read and write access to the host file system.

Recorded Future is being acquired by tech investor Insight Partners in a $780 million all-cash deal, the cyber-threat intelligence company announced this

Implementing a New CPU Architecture for Ghidra @guedou BeeRump Before the talk zoom the presenter notes CTRL + ALT + / || CTRL + F4

In 2017, I zero-to-one’d a YouTube search site that helps users navigate channels with really long videos using an index on caption data.

- Click here if you just want to read the Paper -In the last two posts of this series, we first introduced the governance issues in PKI and then the circular dependency between establishing trust in PKI certificates and establishing the current time on a…

After my previous post I’ve been thinking about the next step, should I start a series where I implement all OWASP TOP10 vulnerabilities and then break them? It could’ve happened, but I decided to try myself at hackthebox. I had an account for almost…

Python tool which scours popular CI tools build logs - darshkpatel/BuildScour

While I was prepping for a session a while back I made a a little special discovery about AppLocker. Turns out that the files that AppLocker uses under C:\Windows\System32\AppLocker can be used in …

0 votes and 1 comment so far on Reddit

Yet another incident of Border Gateway Protocol (BGP) hijack, with the latest victim this time in Taiwan. Earlier this month (May 8), traffic going through a public DNS run by Taiwan Network Inform…