reconcore – Telegram
reconcore
1.79K subscribers
1.06K photos
157 videos
296 files
2.36K links
#pentest #vulnerability #research #malware #analysis #redteam #blueteam #tools #cve #rce #lpe

#offensivesecurity #methods #technique

The channel does not call for any action.
The posts are taken from public sources.
@reconcore is not responsible for them.
CVE-2025-14611.yaml
3.2 KB
CVE-2025-14611
yeah again
Gladinet CentreStack/Triofox! - Hardcoded AES Key Arbitrary File Read
WASM_Code_Recovery_through_SEV-SNP.pdf
385.8 KB
Lost in the Pages: WebAssembly Code Recovery through SEV-SNP’s Exposed Address Space Dec. 2025.
The platform independence offered through Wasm makes it an attractive solution for many different applications that can run on disparate infrastructures. However, recent work has shown that Wasm binaries are more sensitive to code confidentiality attacks than native binaries. The previous result was obtained for Intel SGX only. We take this one step further, introducing a new Wasm code-confidentiality attack that exploits exposed address-space information in TEEs. Our attack enables the extraction of crucial execution features which, when combined with additional side channels, allows us to obtain, with high reliability, more than 70% of the code in most cases.

#research #sca @reconcore
thc-tips-tricks-hacks-cheat-sheet
THC's favourite Tips, Tricks & Hacks (Cheat Sheet)
A collection of our favourite tricks. Many of those tricks are not from us. We merely collect them.

We show the tricks 'as is' without any explanation why they work. You need to know Linux to understand how and why they work.

#backdoor @reconcore
Exploiting Anno 1404
Multiple vulnerabilities in the Anno 1404: Venice multiplayer mode enable arbitrary code execution through path traversal, DLL hijacking, RPC exposure, and memory corruption, demonstrated on Windows 10.

#vulnerability #hijacking #rpc @reconcore
Google Cloud Shell Container Escape
Cloud Shell Postmortem: In-Depth Analysis of Internal Mechanisms
A successful container escape from Google Cloud Shell was achieved via hotplug hijacking, exploiting kernel hotplug events on a KVM-hosted environment, highlighting the risks posed by kernel vulnerabilities and system configurations

#vulnerability #vm #kernel @reconcore
LDIFToBloodHound
A Windows tool that converts LDIF files to BloodHound CE
When performing Active Directory assessments through restricted network paths (SOCKS proxies, port forwarding, etc.), tools like SharpHound or bloodhound-python often fail due to DNS resolution issues or connectivity problems.

ldapsearch works reliably through proxies, but its output (LDIF format) isn't compatible with BloodHound. This tool bridges that gap by:
1. Parsing LDIF files from ldapsearch
2. Decoding binary nTSecurityDescriptor attributes using Windows APIs
3. Extracting ACEs (Access Control Entries) for attack path analysis
4. Outputting BloodHound CE v6 compatible JSON files
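The two steps that make this conversion useful are the LDIF parsing (ldapsearch folds long lines and emits binary attributes as base64 `attr::` values) and the decoding of the self-relative SECURITY_DESCRIPTOR held in nTSecurityDescriptor. The following is an added example, not the tool's own code: where the tool calls Windows APIs, this version parses the MS-DTYP structures directly with `struct`, so it runs on any platform. The LDIF entry, the domain SID and the RIDs are constructed for the example; the access-mask bits and control-right GUIDs are the real values from MS-ADTS.

```python
import base64
import struct
import uuid

# Access-mask bits and control-right GUIDs that BloodHound turns into edges (real values).
RIGHTS = {0x10000000: "GenericAll", 0x40000000: "GenericWrite",
          0x00080000: "WriteOwner", 0x00040000: "WriteDacl",
          0x00000100: "ExtendedRight", 0x00000020: "WriteProperty"}
CONTROL_RIGHTS = {"1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
                  "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
                  "00299570-246d-11d0-a768-00aa006e0529": "User-Force-Change-Password"}


def parse_ldif(text):
    """Parse ldapsearch LDIF into [{attr: [bytes, ...]}]. Unfolds continuation lines
    (leading space), decodes 'attr:: base64' values and drops the dn-less
    'search:/result:' trailer that ldapsearch appends."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]          # folded continuation of the previous line
        else:
            lines.append(line)
    entries, cur = [], {}
    for line in lines + [""]:              # trailing "" flushes the last entry
        if not line:
            if "dn" in cur:
                entries.append(cur)
            cur = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        val = base64.b64decode(value[1:].strip()) if value.startswith(":") else value.strip().encode()
        cur.setdefault(attr, []).append(val)
    return entries


def parse_sid(buf, off):
    """Decode a binary SID at buf[off:]; return (sid_string, end_offset)."""
    rev, count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "S-%d-%d-%s" % (rev, authority, "-".join(map(str, subs))), off + 8 + 4 * count


def parse_dacl(sd):
    """Walk the DACL of a self-relative SECURITY_DESCRIPTOR (MS-DTYP 2.4.6) and return its ACEs.
    Handles the four ACE types AD uses in DACLs: ACCESS_ALLOWED/DENIED(_OBJECT)_ACE."""
    _rev, _sbz1, _control, _owner, _group, _sacl, off_dacl = struct.unpack_from("<BBHIIII", sd, 0)
    aces = []
    if off_dacl == 0:                      # SE_DACL_PRESENT not set: nothing to extract
        return aces
    _, _, _size, ace_count, _ = struct.unpack_from("<BBHHH", sd, off_dacl)
    pos = off_dacl + 8
    for _ in range(ace_count):
        ace_type, ace_flags, ace_size = struct.unpack_from("<BBH", sd, pos)
        (mask,) = struct.unpack_from("<I", sd, pos + 4)
        p, object_type = pos + 8, None
        if ace_type in (0x05, 0x06):       # object ACE: optional ObjectType / InheritedObjectType GUIDs
            (obj_flags,) = struct.unpack_from("<I", sd, p)
            p += 4
            if obj_flags & 0x1:            # ACE_OBJECT_TYPE_PRESENT
                object_type = str(uuid.UUID(bytes_le=sd[p:p + 16]))
                p += 16
            if obj_flags & 0x2:            # ACE_INHERITED_OBJECT_TYPE_PRESENT
                p += 16
        sid, _ = parse_sid(sd, p)
        aces.append({"type": "allow" if ace_type in (0x00, 0x05) else "deny",
                     "flags": ace_flags, "mask": mask, "object_type": object_type, "sid": sid})
        pos += ace_size                    # AceSize covers header + body, so this skips padding too
    return aces


def describe(ace):
    names = [name for bit, name in RIGHTS.items() if ace["mask"] & bit]
    if ace["object_type"] in CONTROL_RIGHTS:
        names.append(CONTROL_RIGHTS[ace["object_type"]])
    return names


def extract_aces(ldif_text):
    """Return (dn, allow|deny, trustee SID, [rights]) for every DACL ACE in the LDIF."""
    rows = []
    for entry in parse_ldif(ldif_text):
        dn = entry["dn"][0].decode()
        for sd in entry.get("nTSecurityDescriptor", []):
            for ace in parse_dacl(sd):
                rows.append((dn, ace["type"], ace["sid"], describe(ace)))
    return rows


# --- constructed sample: build a self-relative SD in the layout AD returns it ---
def build_sid(s):
    parts = s.split("-")
    subs = [int(x) for x in parts[3:]]
    return (bytes([int(parts[1]), len(subs)]) + int(parts[2]).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def build_ace(ace_type, mask, sid, object_type=None):
    body = struct.pack("<I", mask)
    if ace_type == 0x05:                   # ACCESS_ALLOWED_OBJECT_ACE with ObjectType present
        body += struct.pack("<I", 0x1) + uuid.UUID(object_type).bytes_le
    body += build_sid(sid)
    return struct.pack("<BBH", ace_type, 0, 4 + len(body)) + body


def build_sd(aces):
    acl = struct.pack("<BBHHH", 4, 0, 8 + sum(map(len, aces)), len(aces), 0) + b"".join(aces)
    # 20-byte header; control = SE_DACL_PRESENT | SE_SELF_RELATIVE; DACL follows the header
    return struct.pack("<BBHIIII", 1, 0, 0x8004, 0, 0, 0, 20) + acl


DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"          # made-up domain SID
SAMPLE_SD = build_sd([
    build_ace(0x00, 0x10000000, DOMAIN_SID + "-1104"),              # GenericAll for RID 1104
    build_ace(0x05, 0x00000100, DOMAIN_SID + "-1105",               # DCSync-style control right for RID 1105
              "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"),
])
_b64 = base64.b64encode(SAMPLE_SD).decode()
SAMPLE_LDIF = ("dn: DC=corp,DC=local\nobjectClass: domainDNS\nnTSecurityDescriptor:: "
               + "\n ".join(_b64[i:i + 76] for i in range(0, len(_b64), 76))   # folded like ldapsearch
               + "\n\nsearch: 2\nresult: 0 Success\n")

if __name__ == "__main__":
    for row in extract_aces(SAMPLE_LDIF):
        print(row)
```

Two caveats when feeding real ldapsearch output: the DACL only comes back if the bind has the right to read it (request it with `-E '!sd=0x04'` style controls where needed, and `-o ldif-wrap=no` avoids the folding altogether), and ACEs carrying INHERIT_ONLY_ACE (flag 0x08) do not apply to the object itself, so a converter should filter on `flags` before emitting edges.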

#ad #pentest #tools #bloodhound @reconcore
MobSF
About Mobile Security Framework

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. MobSF can be used for a variety of use cases such as mobile application security, penetration testing, malware analysis, and privacy analysis. The Static Analyzer supports popular mobile app binaries like APK, IPA, APPX and source code. Meanwhile, the Dynamic Analyzer supports both Android and iOS applications and offers a platform for interactive instrumented testing, runtime data and network traffic analysis. MobSF seamlessly integrates with your DevSecOps or CI/CD pipeline, facilitated by REST APIs and CLI tools, enhancing your security workflow with ease.

MobSF only supports APK, APKS, XAPK, AAB, JAR, AAR, SO, IPA, DYLIB, A, ZIP, and APPX files.

#analysis @reconcore
ArkhamMirror
Local-first AI-powered document intelligence platform for investigative journalism

#python #opensource #osint #sqlite #data #visualization #embeddings #llm #localllm @reconcore
Security Advisory: CVE-2025-56157 - Default Credentials in Dify
CVE ID: CVE-2025-56157
Date: 12/18/2025
Vendor: LangGenius (Dify)
Product: Dify
Affected Versions: <= v1.5.1
Vulnerability Type: Insecure Permissions / Default Credentials
Severity: High (Remote Code Execution, Privilege Escalation, Information Disclosure)

#vulnerability #pe #rce @reconcore
DevOps_Security_and_Automation.pdf
8.2 MB
DevOps Security and Automation:
Building, deploying, and scaling modern software systems
2025.
This book equips readers with the knowledge and practical skills needed to excel in DevOps. From foundational concepts to advanced techniques, it covers the DevOps lifecycle, including version control, CI/CD, IaC, containerization, Kubernetes, observability, security integration, and site reliability engineering. Each chapter includes hands-on exercises using industry-standard tools like Docker, Jenkins, Terraform, and Prometheus

#devops #iac #security #engineering #automation #book @reconcore
ESC1-unPAC (BOF)
A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+SID), PKINIT authentication, and NT hash extraction via UnPAC-the-hash.

#bof @reconcore
Legendary
Password Cracking: Getting Started with John the Ripper
The Evolution of C2: Centralized to On-Chain
We map how C2 moved from IRC and web panels to DGAs, P2P, fast-flux, abuse of legit cloud platforms, and now smart-contract C2 on public blockchains — with concrete detection playbooks.

What’s inside:
1. The lineage: IRC → HTTP/HTTPS → DGA & P2P → fast-flux → cloud/“legit” platforms → blockchain contracts.
2. Why on-chain C2 matters: immutable contracts, pseudonymous wallets, and payload retrieval over public RPC.
3. Trade-offs: resilience vs latency, and how transparency enables forensics even as takedowns get harder.
4. Practical detection: block JSON-RPC egress to public providers, use TLS/JARM and beacon-timing patterns, and watch for DNS tunneling.
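Two of the detection signals above, JSON-RPC reads sent to public providers and beacon-like connection timing, can be scored from ordinary proxy or flow logs. The following is an added example (not from the post or any tool it mentions): the provider hostnames are an illustrative set, not a vetted list, the thresholds are assumptions, and the events are constructed to stand in for a JSON-lines proxy log that has already been parsed.

```python
import statistics
from collections import defaultdict

# Illustrative public JSON-RPC endpoints (assumption for the example; maintain your own list).
PUBLIC_RPC_HOSTS = {"mainnet.infura.io", "rpc.ankr.com", "cloudflare-eth.com"}
# Read-only methods an on-chain C2 client needs to fetch tasking from a contract or tx.
READ_METHODS = {"eth_call", "eth_getTransactionByHash", "eth_getLogs", "eth_getStorageAt"}
MIN_SAMPLES = 5      # connections needed before judging periodicity (assumed threshold)
MAX_CV = 0.2         # stdev/mean of inter-arrival gaps below this counts as beacon-like


def rpc_egress(events):
    """Flag JSON-RPC state reads to public providers: the traffic the egress block targets."""
    hits = []
    for e in events:
        body = e.get("body") or {}
        if (e["host"] in PUBLIC_RPC_HOSTS and body.get("jsonrpc") == "2.0"
                and body.get("method") in READ_METHODS):
            hits.append((e["src"], e["host"], body["method"]))
    return hits


def beacons(events):
    """Return {(src, host): mean_gap} for pairs whose connection timing is near-periodic."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["host"])].append(e["ts"])
    found = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < MIN_SAMPLES:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:                       # duplicate timestamps: not a usable signal
            continue
        if statistics.pstdev(gaps) / mean < MAX_CV:   # low jitter relative to the interval
            found[pair] = round(mean, 1)
    return found


def analyze(events):
    """Combine both signals; a periodic talker that reads chain state is the strongest hint."""
    egress = rpc_egress(events)
    periodic = beacons(events)
    rpc_pairs = {(src, host) for src, host, _ in egress}
    suspects = sorted(pair for pair in periodic if pair in rpc_pairs)
    return {"rpc_egress": egress, "beacons": periodic, "onchain_c2_suspects": suspects}


# --- constructed sample events (what a parsed JSON-lines proxy log would yield) ---
def _rpc(ts, src, host, method, to="0x0000000000000000000000000000000000001337"):
    return {"ts": ts, "src": src, "host": host,
            "body": {"jsonrpc": "2.0", "method": method, "params": [{"to": to, "data": "0x"}], "id": 1}}


SAMPLE_EVENTS = (
    # 10.0.0.5 reads contract state from rpc.ankr.com every ~60 s: periodic + RPC read
    [_rpc(ts, "10.0.0.5", "rpc.ankr.com", "eth_call") for ts in (0, 61, 119, 181, 240, 299)]
    # 10.0.0.7 makes one block-height query (not a state read) and browses irregularly
    + [_rpc(400, "10.0.0.7", "mainnet.infura.io", "eth_blockNumber")]
    + [{"ts": ts, "src": "10.0.0.7", "host": "www.example.org", "body": None}
       for ts in (5, 20, 300, 310, 900, 902)]
)

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_EVENTS).items():
        print(key, value)
```

The coefficient-of-variation test is deliberately crude: implants that add large random jitter or piggyback on a real browsing session will fall outside it, which is why the post pairs timing with the protocol-level signal and with TLS fingerprinting rather than relying on any one of them.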

#cybersecurity #malware #c2 #blockchain @reconcore
Cloudflare-Redirector
Just another C2 Redirector using CloudFlare. Support multiple C2 and multiple domains. Support for websocket listener.

#redirector #cloudflare #c2 @reconcore