Research

Date Text URI
Nov. 30, 2024 Dissecting JA4H for improved Sliver C2 detections https://www.reddit.com/r/netsec/comments/1h2i411/dissecting_ja4h_for_improved_sliver_c2_detections/
Nov. 28, 2024 New PE Vulnerability in Windows OS! https://www.reddit.com/r/netsec/comments/1h112rz/new_pe_vulnerability_in_windows_os/
Nov. 28, 2024 Analyzing APT36’s ElizaRAT: Evolution of Espionage Techniques https://www.reddit.com/r/netsec/comments/1h1rtvt/analyzing_apt36s_elizarat_evolution_of_espionage/
Nov. 25, 2024 Security Analysis of the MERGE Voting Protocol https://www.schneier.com/blog/archives/2024/11/security-analysis-of-the-merge-voting-protocol.html
Sept. 20, 2024 A Journey From `sudo iptables` To Local Privilege Escalation - Shielder https://www.reddit.com/r/netsec/comments/1flca3w/a_journey_from_sudo_iptables_to_local_privilege/
Sept. 20, 2024 Vulnerabilities in Open Source C2 Frameworks https://www.reddit.com/r/netsec/comments/1fk27w9/vulnerabilities_in_open_source_c2_frameworks/
Sept. 12, 2024 Blog Post: Intelligent Adversary Emulation with the Bounty Hunter https://www.reddit.com/r/netsec/comments/1feybki/blog_post_intelligent_adversary_emulation_with/
Sept. 12, 2024 Why Django’s [DEBUG=True] is a Goldmine for Hackers https://www.reddit.com/r/netsec/comments/1fec2w0/why_djangos_debugtrue_is_a_goldmine_for_hackers/
Sept. 12, 2024 Browser Stored Credentials https://www.reddit.com/r/netsec/comments/1fde3lk/browser_stored_credentials/
Sept. 12, 2024 Blog Series on Android Bytecode Exploitation https://www.reddit.com/r/netsec/comments/1fe4p0z/blog_series_on_android_bytecode_exploitation/
Sept. 12, 2024 The Security Canary Maturity Model https://www.reddit.com/r/netsec/comments/1fe55uj/the_security_canary_maturity_model/
Sept. 12, 2024 We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI - watchTowr Labs https://www.reddit.com/r/netsec/comments/1fe732m/we_spent_20_to_achieve_rce_and_accidentally/
Aug. 7, 2024 0.0.0.0 Day: Exploiting Localhost APIs From the Browser https://www.reddit.com/r/netsec/comments/1emisp1/0000_day_exploiting_localhost_apis_from_the/
Aug. 7, 2024 Unveiling the Power Duo: osquery and osctrl https://www.reddit.com/r/netsec/comments/1ellf4d/unveiling_the_power_duo_osquery_and_osctrl/
Aug. 7, 2024 Tony Hawk's Pro Strcpy https://www.reddit.com/r/netsec/comments/1emmieq/tony_hawks_pro_strcpy/
Aug. 3, 2024 MITMing the Xbox 360 Dashboard for Fun and RCE https://www.reddit.com/r/netsec/comments/1egs8rn/mitming_the_xbox_360_dashboard_for_fun_and_rce/
Aug. 3, 2024 SLUBStick: Linux Kernel Exploitation with Cross-Cache Attacks https://securityonline.info/slubstick-linux-kernel-exploitation-with-cross-cache-attacks/
Aug. 3, 2024 Create your own custom implant for Initial Access - Blog https://www.reddit.com/r/netsec/comments/1egu4cb/create_your_own_custom_implant_for_initial_access/
Aug. 3, 2024 Patching client-side React JS to gain admin access to a Siemens cloud application https://www.reddit.com/r/netsec/comments/1egy891/patching_clientside_react_js_to_gain_admin_access/
Aug. 3, 2024 Bypassing Rockwell Automation Logix Controllers’ Local Chassis Security Protection https://www.reddit.com/r/netsec/comments/1ehlyi4/bypassing_rockwell_automation_logix_controllers/
July 24, 2024 Blocking EDR Telemetry via PitM Network Filtering https://www.reddit.com/r/netsec/comments/1ea2pkk/blocking_edr_telemetry_via_pitm_network_filtering/
July 24, 2024 CVE-2019-8805: Apple EndpointSecurity framework Privilege Escalation https://www.reddit.com/r/netsec/comments/1ea9bu3/cve20198805_apple_endpointsecurity_framework/
July 9, 2024 Reverse-Engineering Ticketmaster’s Barcode System https://www.schneier.com/blog/archives/2024/07/reverse-engineering-ticketmasters-barcode-system.html
July 8, 2024 Understanding Authentication in Enterprise Wi-Fi https://www.reddit.com/r/netsec/comments/1dx95pc/understanding_authentication_in_enterprise_wifi/
July 5, 2024 Raising Beacons without UDRL and teaching them how to sleep https://www.reddit.com/r/netsec/comments/1dv6tsd/raising_beacons_without_udrl_and_teaching_them/
July 5, 2024 Ring Around The Regex: Lessons learned from fuzzing regex libraries (Part 1) https://www.reddit.com/r/netsec/comments/1dvjw6t/ring_around_the_regex_lessons_learned_from/
June 23, 2024 Understanding Protected Management Frames https://www.reddit.com/r/netsec/comments/1dmj2ii/understanding_protected_management_frames/
May 26, 2024 Nuking Weak Shellcode Hacker Hashes For Fun And Profit! https://www.reddit.com/r/netsec/comments/1cyul5q/nuking_weak_shellcode_hacker_hashes_for_fun_and/
May 16, 2024 Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule https://www.reddit.com/r/netsec/comments/1crlimr/response_filter_denial_of_service_rfdos_shut_down/
May 16, 2024 Credential leakage risks hiding in Frontend code (real statistics from Korean websites) https://www.reddit.com/r/netsec/comments/1crrg6p/credential_leakage_risks_hiding_in_frontend_code/
May 16, 2024 "Password cracking: past, present, future" OffensiveCon 2024 keynote talk slides https://www.reddit.com/r/netsec/comments/1crsndo/password_cracking_past_present_future/
May 16, 2024 Executing Cobalt Strike's BOFs on ARM-based Linux devices https://www.reddit.com/r/netsec/comments/1csj14m/executing_cobalt_strikes_bofs_on_armbased_linux/
May 16, 2024 Patch Diffing CVE-2024-3400 from a Palo Alto NGFW Marketplace AMI https://www.reddit.com/r/netsec/comments/1ct46ut/patch_diffing_cve20243400_from_a_palo_alto_ngfw/
May 16, 2024 How an Employee's Personal GitHub Repository Compromised Azure’s Internal Container Registry https://www.reddit.com/r/netsec/comments/1ctf3xr/how_an_employees_personal_github_repository/
May 13, 2024 Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 1 https://www.reddit.com/r/netsec/comments/1cosb1j/unmasking_adversary_cloud_defense_evasion/
May 4, 2024 It’s Morphin’ Time: Self-Modifying Code Sections with WriteProcessMemory for EDR Evasion https://www.reddit.com/r/netsec/comments/1ci87pd/its_morphin_time_selfmodifying_code_sections_with/
May 4, 2024 Ever wondered where your inserted data went? Our Burp Suite Extension FlowMate helps you find out. https://www.reddit.com/r/netsec/comments/1cj8q5i/ever_wondered_where_your_inserted_data_went_our/
May 4, 2024 Flutter Windows Thick Client SSL Pinning Bypass https://www.reddit.com/r/netsec/comments/1cje9gq/flutter_windows_thick_client_ssl_pinning_bypass/
April 25, 2024 Exploring Vulnerabilities in Embedded Devices: A Case Study of an IP Phone https://www.reddit.com/r/netsec/comments/1ccoqia/exploring_vulnerabilities_in_embedded_devices_a/
April 24, 2024 BlackBerry MDM Has Some Authentication Flaws https://www.reddit.com/r/netsec/comments/1cb45v8/blackberry_mdm_has_some_authentication_flaws/
April 23, 2024 An Analysis of the DHEat DoS Against SSH in Cloud Environments https://www.reddit.com/r/netsec/comments/1cb132j/an_analysis_of_the_dheat_dos_against_ssh_in_cloud/
April 22, 2024 Backdooring Dotnet Applications https://www.reddit.com/r/netsec/comments/1c8444c/backdooring_dotnet_applications/
April 20, 2024 On Windows Registry by researcher who got 50+ CVEs there https://www.reddit.com/r/netsec/comments/1c78m8i/on_windows_registry_by_researcher_who_got_50_cves/
April 19, 2024 VectorKernel - PoCs For Kernelmode Rootkit Techniques Research http://www.kitploit.com/2024/04/vectorkernel-pocs-for-kernelmode.html
April 18, 2024 A quick post on Chen’s algorithm https://www.reddit.com/r/netsec/comments/1c5q3mw/a_quick_post_on_chens_algorithm/
April 18, 2024 Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400) - watchTowr Labs https://www.reddit.com/r/netsec/comments/1c5gxfl/palo_alto_putting_the_protecc_in_globalprotect/
April 14, 2024 Spectre v2 Exploit - Branch History Injection https://www.reddit.com/r/netsec/comments/1c3lhbh/spectre_v2_exploit_branch_history_injection/
April 14, 2024 RUBYCARP: A Detailed Analysis of a Sophisticated Decade-Old Botnet Group https://www.reddit.com/r/netsec/comments/1bzw7a0/rubycarp_a_detailed_analysis_of_a_sophisticated/
April 14, 2024 How a 9.8 critical security vulnerability in ZeroMQ was found (with mostly pure luck) https://www.reddit.com/r/netsec/comments/1c1o1l3/how_a_98_critical_security_vulnerability_in/
April 14, 2024 Unpacking the Fuxnet Malware https://www.reddit.com/r/netsec/comments/1c2ge0k/unpacking_the_fuxnet_malware/
Feb. 13, 2024 Bypassing EDRs With EDR-Preloading https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
Feb. 11, 2024 JSON Smuggling: A far-fetched intrusion detection evasion technique https://grimminck.medium.com/json-smuggling-a-far-fetched-intrusion-detection-evasion-technique-51ed8f5ee05f
Feb. 11, 2024 Cobalt Strike Profiles for EDR Evasion https://github.com/EvilGreys/Cobalt-Strike-Profiles-for-EDR-Evasion
Jan. 1, 2024 Hide and Seek in Windows' Closet: Unmasking the WinSxS Hijacking Hideout https://www.securityjoes.com/post/hide-and-seek-in-windows-closet-unmasking-the-winsxs-hijacking-hideout
Dec. 28, 2023 Operation Triangulation: The last (hardware) mystery https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
Dec. 28, 2023 AI In Windows: Investigating Windows Copilot https://blog.trailofbits.com/2023/12/27/ai-in-windows-investigating-windows-copilot/
Dec. 26, 2023 Rust Binary Analysis https://research.checkpoint.com/2023/rust-binary-analysis-feature-by-feature/
Dec. 25, 2023 An Introduction to Bypassing User Mode EDR Hooks https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
Dec. 24, 2023 All I Want for Christmas is Reflective DLL Injection https://oldboy21.github.io/posts/2023/12/all-i-want-for-christmas-is-reflective-dll-injection/
Dec. 23, 2023 Catching OpenSSL misuse using CodeQL https://blog.trailofbits.com/2023/12/22/catching-openssl-misuse-using-codeql/
Dec. 21, 2023 Dumping NTHASHES from Microsoft Entra ID https://www.secureworks.com/research/dumping-nthashes-from-microsoft-entra-id
Dec. 19, 2023 Streamlined Public YARA Rule Collection https://cyb3rops.medium.com/introducing-yara-forge-a77cbb77dcab
Dec. 19, 2023 Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook: Pt 1 https://www.akamai.com/blog/security-research/2023/dec/chaining-vulnerabilities-to-achieve-rce-part-one
Dec. 14, 2023 Module Stomping - Who up stompin they modules https://dtsec.us/2023-11-04-ModuleStompin/
Dec. 12, 2023 Fuzzing: The age of vulnerability discovery https://fuzzing.io/hushcon23.pdf
Dec. 12, 2023 Web Application Firewalls a.k.a. WAF are garbage: Bypasses https://github.com/waf-bypass-maker/waf-community-bypasses
Dec. 12, 2023 EDR Telemetry: This project aims to compare and evaluate the telemetry of various EDR products. https://github.com/tsale/EDR-Telemetry
Dec. 12, 2023 The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools https://www.safebreach.com/blog/process-injection-using-windows-thread-pools
Dec. 12, 2023 Bypassing Windows Defender https://0xstarlight.github.io/posts/Bypassing-Windows-Defender/
Dec. 9, 2023 5Ghoul : Unleashing Chaos on 5G Edge Devices https://asset-group.github.io/disclosures/5ghoul/
Dec. 7, 2023 Ghidra Basics - Identifying, Decoding and Fixing Encrypted Strings https://embee-research.ghost.io/ghidra-basics-identifying-and-decoding-encrypted-strings/
Dec. 6, 2023 Set of custom CodeQL queries for Go and C https://blog.trailofbits.com/2023/12/06/publishing-trail-of-bits-codeql-queries/
Dec. 5, 2023 The SOCKS We Have at Home https://trustedsec.com/blog/the-socks-we-have-at-home
Dec. 4, 2023 Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100 https://research.nccgroup.com/2023/12/04/shooting-yourself-in-the-flags-jailbreaking-the-sonos-era-100/
Nov. 28, 2023 Unmasking the Dark Art of Vectored Exception Handling: Bypassing XDR and EDR in the Evolving CyberThreat Landscape https://www.slideshare.net/slideshow/embed_code/key/4BSm2z8iTWxbnG
Nov. 24, 2023 Living Off the Foreign Land - Part 3/3: Using Windows as Offensive Platform https://blog.bitsadmin.com/living-off-the-foreign-land-windows-as-offensive-platform-part-3#event-tracing-for-windows
Nov. 21, 2023 Stealing the Bitlocker key from a TPM https://astralvx.com/stealing-the-bitlocker-key-from-a-tpm/
Nov. 21, 2023 How to catch a wild triangle https://securelist.com/operation-triangulation-catching-wild-triangle/110916/
Nov. 21, 2023 Persistence – Scheduled Task Tampering https://pentestlab.blog/2023/11/20/persistence-scheduled-task-tampering/
Nov. 21, 2023 Process Injection - Avoiding Kernel Triggered Memory Scans https://www.r-tec.net/r-tec-blog-process-injection-avoiding-kernel-triggered-memory-scans.html
Nov. 19, 2023 Reversing the protections used by Microsoft's EMET http://0xdabbad00.com/2013/11/18/emet-4-1-uncovered/
Nov. 18, 2023 Ask SentinelOne to dump a process to disk, nicely! https://gist.github.com/adamsvoboda/8e248c6b7fb812af5d04daba141c867e
Nov. 13, 2023 In-Memory-Only ELF Execution (Without tmpfs) https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html
Nov. 13, 2023 Present and Future of LLMs in Software Security https://moyix.net/~moyix/LLMs_SoftwareSecurity_CSAW.pdf
Nov. 13, 2023 Adversarial Attacks on LLMs https://lilianweng.github.io/posts/2023-10-25-adv-attack-llm/
Nov. 10, 2023 Modern Asian APT groups’ tactics, techniques and procedures (TTPs) https://securelist.com/modern-asia-apt-groups-ttp/111009/
Oct. 31, 2023 Lateral Movement: Abuse the Power of DCOM Excel Application https://posts.specterops.io/lateral-movement-abuse-the-power-of-dcom-excel-application-3c016d0d9922
Oct. 31, 2023 The issue with ATS in Apple’s macOS and iOS https://blog.trailofbits.com/2023/10/30/the-issue-with-ats-in-apples-macos-and-ios/
Oct. 30, 2023 Breaking 64 bit aslr on Linux x86-64 https://github.com/nick0ve/how-to-bypass-aslr-on-linux-x86_64
Oct. 26, 2023 StripedFly: Perennially flying under the radar https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/
Oct. 26, 2023 Defender Pretender: When Windows Defender Updates Become a Security Risk https://www.safebreach.com/blog/defender-pretender-when-windows-defender-updates-become-a-security-risk/
Oct. 19, 2023 Exploiting Zenbleed from Chrome https://vu.ls/blog/exploiting-zenbleed-from-chrome/
Oct. 12, 2023 Mastering Windows Access Control: Understanding SeDebugPrivilege https://www.binarydefense.com/resources/blog/mastering-windows-access-control-understanding-sedebugprivilege/
Oct. 11, 2023 Introduction to DotNet Configuration Extraction - RevengeRAT https://embee-research.ghost.io/introduction-to-dotnet-configuration-extraction-revengerat/
Oct. 3, 2023 Survive Access Key Deletion with sts:GetFederationToken https://hackingthe.cloud/aws/post_exploitation/survive_access_key_deletion_with_sts_getfederationtoken/
Oct. 3, 2023 Home Grown Red Team: LNK Phishing Revisited In 2023 https://assume-breach.medium.com/home-grown-red-team-lnk-phishing-revisited-in-2023-364daf70a06a
Oct. 3, 2023 nftables Adventures: Bug Hunting and N-day Exploitation (CVE-2023-31248) https://starlabs.sg/blog/2023/09-nftables-adventures-bug-hunting-and-n-day-exploitation/
Oct. 2, 2023 .NET Assembly Obfuscation for Memory Scanner Evasion https://www.r-tec.net/r-tec-blog-net-assembly-obfuscation-for-memory-scanner-evasion.html
Sept. 24, 2023 Exploring Impersonation through the Named Pipe Filesystem Driver https://jsecurity101.medium.com/exploring-impersonation-through-the-named-pipe-filesystem-driver-15f324dfbaf2
Sept. 24, 2023 Multiple Command and Control (C2) Frameworks During Red Team Engagements https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/multiple-command-and-control-c2-frameworks-during-red-team-engagements/
Sept. 23, 2023 Malware Persistence Locations: Windows and Linux https://marcoramilli.com/2023/09/23/malware-persistence-locations-windows-and-linux/
Sept. 23, 2023 Some experiments with Process Hollowing https://insinuator.net/2022/09/some-experiments-with-process-hollowing/
Sept. 22, 2023 Finding Deserialization Bugs in the Solarwind Platform https://www.zerodayinitiative.com/blog/2023/9/21/finding-deserialization-bugs-in-the-solarwind-platform
Sept. 19, 2023 Hypervisor Detection with SystemHypervisorDetailInformation https://medium.com/@matterpreter/hypervisor-detection-with-systemhypervisordetailinformation-26e44a57f80e
Sept. 19, 2023 I Hacked MacOS! https://asahilina.net/agx-exploit/
Sept. 17, 2023 Attacking an EDR - Part 1 - For some fun and a fair bit of profit https://riccardoancarani.github.io/2023-08-03-attacking-an-edr-part-1/
Sept. 16, 2023 Retool blames breach on Google Authenticator MFA cloud sync feature https://www.bleepingcomputer.com/news/security/retool-blames-breach-on-google-authenticator-mfa-cloud-sync-feature/
Sept. 15, 2023 Bypassing UAC with SSPI Datagram Contexts https://splintercod3.blogspot.com/p/bypassing-uac-with-sspi-datagram.html
Sept. 14, 2023 The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree https://www.paloaltonetworks.com/blog/prisma-cloud/github-actions-worm-dependencies/
Sept. 12, 2023 Deleting Your Way Into SYSTEM: Why Arbitrary File Deletion Vulnerabilities Matter https://www.mandiant.com/resources/blog/arbitrary-file-deletion-vulnerabilities
Sept. 12, 2023 Persistent Threat: New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk https://checkmarx.com/blog/persistent-threat-new-exploit-puts-thousands-of-github-repositories-and-millions-of-users-at-risk/
Sept. 12, 2023 A new method for container escape using file-based DirtyCred https://starlabs.sg/blog/2023/07-a-new-method-for-container-escape-using-file-based-dirtycred/
Sept. 12, 2023 WindowsNoExec - Abusing existing instructions to executing arbitrary code without allocating executable memory https://www.x86matthew.com/view_post?id=windows_no_exec
Sept. 7, 2023 Debugging Windows Isolated User Mode (IUM) Processes https://blog.quarkslab.com/debugging-windows-isolated-user-mode-ium-processes.html
Sept. 7, 2023 Nagios Plugins: Hacking Monitored Servers with check_by_ssh and Argument Injection: CVE-2023-37154 https://joshua.hu/nagios-hacking-cve-2023-37154
Sept. 7, 2023 Next-Generation Context Aware Password Cracking https://medium.com/@doctoreww/next-generation-context-aware-password-cracking-39b65e3aa976
Sept. 7, 2023 Boot Unguarded: x86 Trust Anchor Downfalls to The Leaked OEM Internal Tools and Signing Keys https://hardenedlinux.org/blog/2023-09-07-boot-unguarded-x86-trust-anchor-downfalls-to-the-leaked-oem-internal-tools-and-signing-keys/
Sept. 6, 2023 How Microsoft Had Signing Key Compromised - Results of Major Technical Investigations for Storm-0558 Key Acquisition https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/
Sept. 5, 2023 Bypassing Windows Defender and Ppl Protection With Pplblade to Dump Lsass Without Detection https://github.com/tastypepperoni/PPLBlade
Sept. 4, 2023 Uncovering Web Cache Deception: A Missed Vulnerability in the Most Unexpected Places https://blog.agilehunt.com/blogs/security/web-cache-deception-attack-on-404-page-exposing-pii-data-to-unauthenticated-users
Sept. 3, 2023 NetNTLMv1 Downgrade to compromise https://www.r-tec.net/r-tec-blog-netntlmv1-downgrade-to-compromise.html
Sept. 1, 2023 Converting Tokens to Session Cookies for Outlook Web Application https://labs.lares.com/owa-cap-bypass/
Aug. 30, 2023 Kinsing Malware Exploits Novel Openfire Vulnerability https://blog.aquasec.com/kinsing-malware-exploits-novel-openfire-vulnerability
Aug. 29, 2023 AWS WAF Bypass: invalid JSON object and unicode escape sequences https://blog.sicuranext.com/aws-waf-bypass/
Aug. 28, 2023 MalDoc in PDF - Detection bypass by embedding a malicious Word file into a PDF file https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html
Aug. 24, 2023 API Hacking with ChatGPT https://youtu.be/BTlUEWHRldk
Aug. 24, 2023 Azure AD Security Defaults/MFA Bypass with Graph API https://rootsecdev.medium.com/azure-ad-security-defaults-mfa-bypass-with-graph-api-86a5d6f57d4a
Aug. 24, 2023 Exploit Equivalence Classes https://blog.isosceles.com/exploit-equivalence-classes/
Aug. 22, 2023 macOS App Management vulnerability illustrated https://lapcatsoftware.com/articles/2023/8/3.html
Aug. 22, 2023 Azure Threat Research Matrix https://microsoft.github.io/Azure-Threat-Research-Matrix/
Aug. 22, 2023 Found a weird bug in Google's Fuchsia MMU subsystem (CVE-2021-22566) https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=88451
Aug. 22, 2023 Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation. https://github.com/zer0condition/NVDrv
Aug. 22, 2023 (Tool) Garble: Obfuscate Go builds https://github.com/burrowers/garble
Aug. 22, 2023 Blinding EDR On Windows https://synzack.github.io/Blinding-EDR-On-Windows/
Aug. 21, 2023 Living off the Foreign Land Cmdlets and Binaries https://lofl-project.github.io/
Aug. 19, 2023 Offensive Tool Development - The Shellcode Compiler Was Right There All Along... (Part 1) https://sh3llsp4wn.github.io/Shellcode-With-The-Default-Linux-Toolchain/
Aug. 19, 2023 Journey into Windows Kernel Exploitation: The Basics https://blog.neuvik.com/journey-into-windows-kernel-exploitation-the-basics-fff72116ca33
Aug. 19, 2023 NoFilter - Abusing Windows Filtering Platform for Privilege Escalation https://www.deepinstinct.com/blog/nofilter-abusing-windows-filtering-platform-for-privilege-escalation
Aug. 19, 2023 Process Injection using CreateRemoteThread API https://tbhaxor.com/createremotethread-process-injection/
Aug. 19, 2023 DLL Notification Injection https://shorsec.io/blog/dll-notification-injection/
Aug. 15, 2023 Knocking on Hell's Gate - EDR Evasion Through Direct Syscalls https://labs.en1gma.co/malwaredevelopment/evasion/security/2023/08/14/syscalls.html
Aug. 15, 2023 Creating Fully Undetectable JavaScript Payloads to Evade Next-Generation Firewalls https://elliotonsecurity.com/creating-fully-undetectable-javscript-payloads-to-evade-next-generation-firewalls/
Aug. 15, 2023 Exploits Explained: Finding Flaws in an ATM Software Tool https://www.synack.com/blog/exploits-explained-finding-flaws-in-an-atm-software-tool/
Aug. 14, 2023 Weaponizing vulnerable driver for privilege escalation— Gigabyte Edition! https://medium.com/@fsx30/weaponizing-vulnerable-driver-for-privilege-escalation-gigabyte-edition-e73ee523598b
Aug. 14, 2023 Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating https://www.wired.com/story/card-shuffler-hack/
Aug. 13, 2023 VS Code’s Token Security: Keeping Your Secrets… Not So Secretly https://cycode.com/blog/exposing-vscode-secrets/
Aug. 13, 2023 Unpacking Emotet Trojan https://infosecwriteups.com/unpacking-emotet-trojan-dac7e6119a0a
Aug. 13, 2023 TunnelCrack is a combination of two widespread security vulnerabilities in VPNs https://tunnelcrack.mathyvanhoef.com/
Aug. 11, 2023 A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS: WD PR4100 Edition https://claroty.com/team82/research/a-pain-in-the-nas-exploiting-cloud-connectivity-to-pwn-your-nas-wd-pr4100-edition
Aug. 11, 2023 Close Encounters of the Advanced Persistent Kind: Leveraging Rootkits for Post-Exploitation https://github.com/FuzzySecurity/BHUSA-2023
Aug. 11, 2023 Abusing undocumented features to spoof PE section headers https://secret.club/2023/06/05/spoof-pe-sections.html
Aug. 11, 2023 Zero Touch Pwn: Abusing Zoom's Zero Touch Provisioning for Remote Attacks on Desk Phones https://blog.syss.com/posts/zero-touch-pwn/
Aug. 10, 2023 JTAG 'Hacking' the Original Xbox in 2023 https://blog.ret2.io/2023/08/09/jtag-hacking-the-original-xbox-2023/
Aug. 9, 2023 OPC UA Deep Dive Series: A One-of-a-Kind OPC UA Exploit Framework https://claroty.com/team82/research/opc-ua-deep-dive-series-a-one-of-a-kind-opc-ua-exploit-framework
Aug. 9, 2023 16 Zero-Day Vulnerabilities Affecting CODESYS Framework Leading to Remote Code Execution on Millions of Industrial Devices Across Industries https://www.blackhat.com/us-23/briefings/schedule/index.html#code--zero-day-vulnerabilities-affecting-codesys-framework-leading-to-remote-code-execution-on-millions-of-industrial-devices-across-indust
Aug. 8, 2023 How a simple K-TypeConfusion took me 3 months long to create a exploit? [HEVD] - Windows 11 (build 22621) https://wafzsucks.medium.com/how-a-simple-k-typeconfusion-took-me-3-months-long-to-create-a-exploit-f643c94d445f
Aug. 8, 2023 Intel BIOS Advisory – Memory Corruption in HID Drivers https://research.nccgroup.com/2023/08/08/intel-bios-advisory-memory-corruption-in-hid-drivers/
Aug. 7, 2023 Custom GetModuleHandle & GetProcAddress - Resolve module handle and function address without using GetModuleHandle and GetProcAddress https://blog.atsika.ninja/posts/custom_getmodulehandle_getprocaddress/
Aug. 7, 2023 How To Dump Lsass Without Mimikatz https://reconshell.com/how-to-dump-lsass-without-mimikatz/
Aug. 7, 2023 Privilege Escalation in AWS - Part 01 https://mystic0x1.github.io/posts/AWS-Privilege-Escalation-Part-01/
Aug. 7, 2023 Reverse Engineering a Neural Network's Clever Solution to Binary Addition https://cprimozic.net/blog/reverse-engineering-a-small-neural-network/
Aug. 5, 2023 Attacking JS engines: Fundamentals for understanding memory corruption crashes https://www.sidechannel.blog/en/attacking-js-engines/
Aug. 3, 2023 Hook, Line, and Phishlet: Conquering AD FS with Evilginx https://research.aurainfosec.io/pentest/hook-line-and-phishlet/
Aug. 3, 2023 Unauthorized Access to Cross-Tenant Applications in a Microsoft Azure Service https://www.tenable.com/security/research/tra-2023-25
Aug. 2, 2023 Mitiga Security Advisory: Abusing the AWS SSM Agent as a Remote Access Trojan https://www.mitiga.io/blog/mitiga-security-advisory-abusing-the-ssm-agent-as-a-remote-access-trojan
Aug. 2, 2023 Programming with Impacket - Working with SMB https://blog.spookysec.net/Programming-with-Impacket.md/
Aug. 1, 2023 Identifying and Exploiting Unsafe Deserialization in Ruby https://medium.com/@plenumlab/identifying-and-exploiting-unsafe-deserialization-in-ruby-97c7cbd6c05d
Aug. 1, 2023 Actionable Threat Intel (V) - Autogenerated Livehunt rules for IoC tracking https://blog.virustotal.com/2023/08/actionable-threat-intel-v-autogenerated.html
July 31, 2023 Intel VT-rp - Part 2. paging-write and guest-paging verification https://tandasat.github.io/blog/2023/07/31/intel-vt-rp-part-2.html
July 31, 2023 LOLDrivers 2.0: Pioneering Progress https://medium.com/magicswordio/loldrivers-2-0-pioneering-progress-c3b487f80489
July 31, 2023 Escaping the Google kCTF Container with a Data-Only Exploit https://h0mbre.github.io/kCTF_Data_Only_Exploit/
July 30, 2023 A/B Testing with Fat Tails https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3171224
July 30, 2023 As of build 25915 (latest Preview) all known API based kernel address leaks no longer work unless requested by a process with SeDebugPrivilege (only available to admin processes) https://twitter.com/yarden_shafir/status/1685740223181832193
July 30, 2023 Computer Scientists Discover Limits of Major Research Algorithm https://www.quantamagazine.org/computer-scientists-discover-limits-of-major-research-algorithm-20210817/
July 28, 2023 Universal and Transferable Attacks on Aligned Language Models #ChatGPT #LLM #AI #adversarial https://llm-attacks.org/
July 28, 2023 Intel VT-rp - Part 1. remapping attack and HLAT https://tandasat.github.io/blog/2023/07/05/intel-vt-rp-part-1.html
July 27, 2023 Rust Binary Analysis - Feature by Feature https://research.checkpoint.com/2023/rust-binary-analysis-feature-by-feature/
July 27, 2023 Total BYOVD Kernel-level protection for Windows using Windows Defender Application Control https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-policy-for-BYOVD-Kernel-mode-only-protection
July 27, 2023 Finding and exploiting process killer drivers with LOL for 3000$ https://alice.climent-pommeret.red/posts/process-killer-driver/
July 26, 2023 The Black Box of GitHub Leaks: Analyzing Companies’ GitHub Repos https://socradar.io/the-black-box-of-github-leaks-analyzing-companies-github-repos/
July 26, 2023 Redrawing Infosec Boundaries: The Impact of Large AI Models https://rob.science/2023/04/22/redrawing-infosec-boundaries-the-impact-of-large-ai-models/
July 26, 2023 The Legacy of Stagefright https://blog.isosceles.com/the-legacy-of-stagefright/
July 25, 2023 Linux kernel CVE exploit analysis report and relative debug environment. https://github.com/bsauce/kernel-exploit-factory
July 24, 2023 Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2 https://github.com/CognisysGroup/HadesLdr
July 24, 2023 Brute-forcing one-time passwords (kpwn.de) https://kpwn.de/2023/06/brute-forcing-one-time-passwords/
July 23, 2023 Okta Logs Decoded: Unveiling Identity Threats Through Threat Hunting https://www.rezonate.io/blog/okta-logs-decoded-unveiling-identity-threats-through-threat-hunting/
July 23, 2023 Investigating SMS phishing text messages from scratch https://blog.bushidotoken.net/2023/07/investigating-sms-phishing-text.html
July 22, 2023 Dirty Pagetable: A Novel Exploitation Technique To Rule Linux Kernel https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html
July 21, 2023 The Death of Infosec Twitter https://www.cyentia.com/the-death-of-infosec-twitter/
July 21, 2023 Brute Forcing A Mobile’s Pin Over Usb With A $3 Board https://hackaday.com/2023/07/16/brute-forcing-a-mobiles-pin-over-usb-with-a-3-board/
July 20, 2023 Forager: Browse Millions of Leaked API keys Found With TruffleHog https://trufflesecurity.com/blog/introducing-forager/
July 20, 2023 Combine Sliver C2 with BallisKit MacroPack Pro and ShellcodePack https://www.linkedin.com/pulse/tutorial-combine-sliver-c2-balliskit-macropack-pro-shellcodepack
July 20, 2023 The SOC Toolbox: Analyzing AutoHotKey compiled executables https://blog.nviso.eu/2023/07/20/the-soc-toolbox-analyzing-autohotkey-compiled-executables/
July 19, 2023 The Flawed Design of Intel TDX https://x86.lol/generic/2023/02/07/intel-tdx.html
July 19, 2023 How We Found Another GitHub Actions Environment Injection Vulnerability in a Google Project https://www.legitsecurity.com/blog/-how-we-found-another-github-action-environment-injection-vulnerability-in-a-google-project
July 19, 2023 BYOS – Bundle Your Own Stealer https://research.checkpoint.com/2023/byos-bundle-your-own-stealer/
July 19, 2023 Escalating Privileges via Third-Party Windows Installers https://www.mandiant.com/resources/blog/privileges-third-party-windows-installers
July 19, 2023 How is Chat-GPT changing over time? https://arxiv.org/pdf/2307.09009.pdf
July 19, 2023 Extending Burp Suite for fun and profit – The Montoya way – Part 3 https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-3/
July 18, 2023 A Deep Dive into Penetration Testing of macOS Applications (Part 1) https://www.cyberark.com/resources/all-blog-posts/a-deep-dive-into-penetration-testing-of-macos-applications-part-1
July 18, 2023 ThreadSleeper: Suspending Threads via GMER64 Driver https://www.binarydefense.com/resources/blog/threadsleeper-suspending-threads-via-gmer64-driver/
July 18, 2023 Teltonika RUT router reverse engineering, vulnerabilities analysis and exploitation. https://claroty.com/team82/research/triple-threat-breaking-teltonika-routers-three-ways
July 17, 2023 Beyond the Marketing: Assessing Anti-Bot Platforms through a Hacker's Lens https://blog.umasi.dev/antibots-1
July 17, 2023 Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2 https://www.sentinelone.com/blog/reverse-engineering-walkthrough-analyzing-a-sample-of-arechclient2/
July 17, 2023 Poch, Poch, is this thing on? Bypass AMSI with Divide & Conquer https://badoption.eu/blog/2023/07/15/divideconqer.html
July 17, 2023 VBA: resolving exports in runtime without NtQueryInformationProcess or GetProcAddress https://adepts.of0x.cc/vba-exports-runtime/
July 17, 2023 Short blog post on dumping the kernel from embedded/IoT devices (Sonos One speaker) https://www.synacktiv.com/en/publications/dumping-the-sonos-one-smart-speaker
July 17, 2023 Vault Range - The Measure and Resilience of Weaponized Exploit Methods for Linux https://hardenedvault.net/blog/2023-07-16-vault-range-resilience-weaponized-exp-linux/
July 17, 2023 Undocumented 8086 instructions, explained by the microcode http://www.righto.com/2023/07/undocumented-8086-instructions.html?m=1
July 16, 2023 Satellites lack standard security mechanisms found in mobile phones and laptops https://www.helpnetsecurity.com/2023/07/14/satellite-security-mechanisms/?web_view=true
July 15, 2023 Analysis of Storm-0558 techniques for unauthorized email access https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/
July 14, 2023 Unveiling the Secrets: LSASS Memory Dump Parsing https://cyvisory.hashnode.dev/read-memory-dumps-without-a-cat
July 13, 2023 OffensiveCon 2023 – Exploit Engineering – Attacking the Linux Kernel https://research.nccgroup.com/2023/05/23/offensivecon-2023-exploit-engineering-attacking-the-linux-kernel/
July 12, 2023 The art of fuzzing: Windows Binaries https://bushido-sec.com/index.php/2023/06/25/the-art-of-fuzzing-windows-binaries/
July 9, 2023 Security Research and the Creative Process https://medium.com/@yardenshafir2/security-research-and-the-creative-process-552fd91f52a7
July 7, 2023 A Journey Into Hacking Google Search Appliance https://devco.re/blog/2023/07/07/a-journey-into-hacking-google-search-appliance-en/
July 7, 2023 Introducing Slinky Cat - Living off the AD Land https://labs.lares.com/introducing-slinkycat/
July 4, 2023 Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services https://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services
July 3, 2023 Attacking GraphQL APIs https://portswigger.net/web-security/graphql
July 3, 2023 Retreading The AMLogic A113X TrustZone Exploit Process https://boredpentester.com/retreading-the-amlogic-a113x-trustzone-exploit-process/
June 29, 2023 Uncovering Container Confusion in the Linux Kernel https://www.vusec.net/projects/uncontained/
June 27, 2023 Faster method for determining when two mathematical groups are the same. https://www.quantamagazine.org/computer-scientists-inch-closer-to-major-algorithmic-goal-20230623/
June 26, 2023 RowPress: Amplifying Read Disturbance in Modern DRAM Chips https://people.inf.ethz.ch/omutlu/pub/RowPress_isca23.pdf
June 26, 2023 NSA Releases Guide to Mitigate BlackLotus Threat https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3435305/nsa-releases-guide-to-mitigate-blacklotus-threat/
June 23, 2023 Exploiting Windows’ vulnerabilities with Hyper-V: A Hacker’s Swiss Army knife https://reversing.info/posts/hyperdeceit/
June 23, 2023 Breaking the Code - Exploiting and Examining CVE-2023-1829 in cls_tcindex Classifier Vulnerability https://starlabs.sg/blog/2023/06-breaking-the-code-exploiting-and-examining-cve-2023-1829-in-cls_tcindex-classifier-vulnerability/
June 22, 2023 NETGEAR Routers: A Playground for Hackers? https://research.nccgroup.com/2023/05/15/netgear-routers-a-playground-for-hackers/?t=1
June 22, 2023 Home router hacking presentation at HITB2023 http://conference.hitb.org/files/hitbsecconf2023ams/materials/D1T1%20-%20Your%20Not%20So%20Home%20Office%20-%20Soho%20Hacking%20at%20Pwn2Own%20-%20McCaulay%20Hudson%20&%20Alex%20Plaskett.pdf
June 22, 2023 Ethical Problems in Computer Security https://www.schneier.com/blog/archives/2023/06/ethical-problems-in-computer-security.html
June 21, 2023 Kaspersky Hack - iOS Triangulation Malware Analysis https://securelist.com/operation-triangulation/109842/
June 21, 2023 FortiNAC - Just a few more RCEs https://frycos.github.io/vulns4free/2023/06/18/fortinac.html
June 21, 2023 nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover https://www.descope.com/blog/post/noauth
June 21, 2023 New macOS vulnerability, Migraine, could bypass System Integrity Protection https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/
June 21, 2023 VSCode Remote Code Execution advisory https://blog.ammaraskar.com/vscode-rce/
June 21, 2023 GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking https://blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking
June 21, 2023 Dissecting TriangleDB, a Triangulation spyware implant https://securelist.com/triangledb-triangulation-implant/110050/
June 20, 2023 Regular expression Denial-of-Service (ReDoS): denial of service attacks caused by regular expressions https://blog.huli.tw/2023/06/12/en/redos-regular-expression-denial-of-service/
June 20, 2023 The latest ransomware variant’s heightened attack execution speed, and what that means https://www.darkreading.com/attacks-breaches/rorschach-ransomware-what-you-need-to-know
June 20, 2023 Reverse engineering and pwning a Google Home Mini smart speaker. https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
June 20, 2023 Codegate Qualifier 2023 CTF Competition Hacked https://github.com/kalmarunionenctf/codegate-statement
June 20, 2023 Storing Passwords - A Journey of Common Pitfalls https://blog.redteam-pentesting.de/2023/storing-passwords/
June 20, 2023 When Hackers hack the Hackers - Malware Analysis for a group targeting Malware Developers https://www.r-tec.net/r-tec-blog-when-hackers-hack-the-hackers.html
June 20, 2023 Google Ads: An effective phishing delivery mechanism for more than a decade. https://guardyourdomain.com/blog/google-ads-phishing/
June 20, 2023 Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings https://arxiv.org/abs/2306.07695