osmos::feed

Open

Beyond good ol’ Run key, Part 148

Analyzing the very same binary (AggregatorHost.exe) that makes the persistence trick described in my previous post work, I noticed that there is one more Registry entry we can use as a persistence mechanism: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\TestHooks\TestUndockedAggregatorDll= Same as in the previous post, … Continue reading → ( 2 min )

Beyond good ol’ Run key, Part 147

I mentioned TestHook at least twice in the past. I actually love this keyword/string, because it is associated with many undocumented internal Microsoft test frameworks that we can sometimes abuse. And many ‘TestHook’ string references are present in many binaries … Continue reading → ( 2 min )

Open

How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777)

Before you dive into our latest diatribe, indulge us and join us on a journey. Sit in your chair, stand at your desk, lick your phone screen - close your eyes and imagine a world in which things are great. It’s sunny outside, the birds are chirping, and ( 9 min )
Open

Format hard drive: EaseUS Partition Master Free vs. Windows tools

Windows provides native tools for formatting hard drives, such as Disk Management, File Explorer, and DiskPart. Alternatively, you can use EaseUS Partition Master Free, which enables quick and easy formatting of hard drives and partitions. Source
Open

Pet microchip scams and data leaks in the UK

TL;DR We were recently on BBC Morning Live talking about issues with pet microchip data, helping some pet owners understand how they were being billed for services which they didn’t recall signing up for. There was so much more to this piece though, so we’ve written up our findings in more detail here. It’s a […] The post Pet microchip scams and data leaks in the UK appeared first on Pen Test Partners. ( 7 min )

Open

New Threads layout in Teams channel posts aims to simplify conversations

Microsoft is adding a Threads layout to Teams channel posts. This feature introduces a new level of structure that enables more interactive conversations, similar to social networks like Facebook or X. Source
Open

CI/CD Training from the Front Lines: Offensive Security at Black Hat

Our Red Team has explored and exploited vulnerabilities in the CI/CD space over the last several years, resulting in numerous successful offensive operations, open-source tool development, and presentations at Black Hat, DEF CON, and Schmoocon. With organizations increasingly relying on automated deployment pipelines, securing CI/CD infrastructure has become more critical than ever — yet many […] The post CI/CD Training from the Front Lines: Offensive Security at Black Hat appeared first on Praetorian. ( 24 min )

Open

Windows 11 25H2: enablement package with valuable new features

Windows 11 25H2 is scheduled for release in fall 2025. Windows Insider Program members can try out the update early in the Dev channel. Notably, Windows 11 25H2 isn’t a traditional in-place upgrade; it’s an enablement package, which is a minor update that unlocks dormant new features such as Quick Machine Recovery and Administrator Protection. Source
Open

Buckle up, Buttercup, AIxCC’s scored round is underway!

Our CRS (Cyber Reasoning System), Buttercup, is now competing in the one and only scored round of DARPA’s AI Cyber Challenge (AIxCC) against six other teams to see which autonomous AI-driven system can find and patch the most software vulnerabilities. ( 2 min )
Open

macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware

NimDoor shows how threat actors are continuing to explore cross-platform languages that introduce new levels of complexity for analysts. ( 33 min )
Open

Streamlining Global Automotive Cybersecurity Governance to Accelerate Innovation, Assurance, and Compliance

No content preview ( 16 min )

5 MCP Security Tips

No content preview ( 10 min )
Open

Quickpost: Doorbell & Condensation

Remember that I broke the filament of the light-bulb in my doorbell? Turns out there is another advantage to having a light-bulb in your doorbell: it prevents condensation: Quickpost info ( 11 min )

Open

Climbing Mount Everest: Black-Byte Bytes Back?

No content preview ( 9 min )

44Con2013Game

No content preview ( 6 min )

Celebrating NCC Con Europe 2018

No content preview ( 9 min )

Cyber red-teaming business-critical systems while managing operational risk

No content preview ( 6 min )

An Adventure in Contingency Debugging: Ruby IO#read/IO#write Considered Harmful

No content preview ( 11 min )

Database Security Brief: The Oracle Critical Patch Update for April 2007

No content preview ( 6 min )

Broadcasting your attack – DAB security

No content preview ( 7 min )

Abusing Privileged and Unprivileged Linux Containers

No content preview ( 6 min )

Cisco ASA series part three: Debugging Cisco ASA firmware

No content preview ( 16 min )

Conference Talks – November 2020

No content preview ( 7 min )

Application Layer Attacks – The New DDoS Battleground

No content preview ( 6 min )

A Peek Behind the Great Firewall of Russia

No content preview ( 9 min )

Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server

No content preview ( 7 min )

Bypassing Oracle DBMS_ASSERT (in certain situations)

No content preview ( 6 min )

BAT: a Fast and Small Key Encapsulation Mechanism

No content preview ( 12 min )

CVE-2017-8570 RTF and the Sisfader RAT

No content preview ( 10 min )

Advisory-CraigSBlackie-CVE-2016-9795

No content preview ( 6 min )

Assessing Unikernel Security

No content preview ( 6 min )

A jq255 Elliptic Curve Specification, and a Retrospective

No content preview ( 13 min )

Conference Talks – August 2020

No content preview ( 11 min )

Building WiMap the Wi-Fi Mapping Drone

No content preview ( 6 min )

An Illustrated Guide to Elliptic Curve Cryptography Validation

No content preview ( 15 min )

Berserko: Kerberos Authentication for Burp Suite

No content preview ( 6 min )

An Introduction to Ultrasound Security Research

No content preview ( 6 min )

An Introduction to Heap overflows on AIX 5.3L

No content preview ( 6 min )

Applying normalised compression distance for architecture classification

No content preview ( 6 min )

Breaking into Security Research at NCC Group

No content preview ( 16 min )

APT15 is Alive and Strong: An Analysis of RoyalCli and RoyalDNS

No content preview ( 8 min )

Android-OpenDebug

No content preview ( 6 min )

Android-KillPermAndSigChecks

No content preview ( 6 min )

Database Security: A Christmas Carol

No content preview ( 7 min )

Adversarial Machine Learning: Approaches & defences

No content preview ( 6 min )

An Analysis of Mobile Geofencing App Security

No content preview ( 6 min )

Deception Engineering: exploring the use of Windows Installer Packages against first stage payloads

No content preview ( 7 min )

Alternative Approaches for Fault Injection Countermeasures (Part 3/3)

No content preview ( 10 min )

Blackbox iOS App Assessments Using idb

No content preview ( 6 min )

Best Practices for the use of Static Code Analysis within a Real-World Secure Development Lifecycle

No content preview ( 6 min )

AtHoc Toolbar

No content preview ( 6 min )

Black Hat 2013 – Femtocell Presentation Slides, Videos and App

No content preview ( 7 min )

Announcing NCC Group’s Cryptopals Guided Tour!

No content preview ( 9 min )

An Introduction to Quantum Computing for Security Professionals

No content preview ( 6 min )

Conference Talks – September/October 2022

No content preview ( 9 min )

Cisco VPN Client Privilege Escalation

No content preview ( 6 min )

Beyond data loss prevention

No content preview ( 6 min )

Dancing Offbit: The Story of a Single Character Typo that Broke a ChaCha-Based PRNG

No content preview ( 10 min )

Conference Talks – December 2020

No content preview ( 12 min )

Cups-filters remote code execution

No content preview ( 6 min )

Crave the Data: Statistics from 1,300 Phishing Campaigns

No content preview ( 8 min )

Building an RDP Credential Catcher for Threat Intelligence

No content preview ( 8 min )

ASP.NET Security and the Importance of KB2698981 in Cloud Environments

No content preview ( 6 min )

Building Intuition for Lattice-Based Signatures – Part 1: Trapdoor Signatures

No content preview ( 21 min )

Blind Security Testing – An Evolutionary Approach

No content preview ( 6 min )

AssetHook

No content preview ( 6 min )

A brief look at Windows telemetry: CIT aka Customer Interaction Tracker

No content preview ( 24 min )

Announcing the AWS blog post series

No content preview ( 6 min )

Deep Dive into Real-World Kubernetes Threats

No content preview ( 16 min )

Conference Talks – March 2020

No content preview ( 8 min )

Dangling Cursor Snarfing: A New Class of Attack in Oracle

No content preview ( 6 min )

Code Patterns for API Authorization: Designing for Security

No content preview ( 11 min )

Cisco IPSec VPN Implementation Group Name Enumeration

No content preview ( 7 min )

Analysis of Boomerang Differential Trials via a SAT-Based Constraint Solver URSA

No content preview ( 6 min )

Apache Struts Vulnerability

No content preview ( 7 min )

Assuring Your DDoS Defences

No content preview ( 6 min )

A Guide to Improving Security Through Infrastructure-as-Code

No content preview ( 16 min )

A WarCon 2017 Presentation: Cisco ASA – Exploiting the IKEv1 Heap Overflow – CVE-2016-1287

No content preview ( 6 min )

Critical Risk Vulnerability in Ingres (Pointer Overwrite 2)

No content preview ( 7 min )

Conference Talks – June 2021

No content preview ( 8 min )

CMakerer: A small tool to aid CLion’s indexing

No content preview ( 6 min )

Apple QuickTime Player m4a Processing Buffer Overflow

No content preview ( 8 min )

Adobe Flash Player Cross Domain Policy Bypass

No content preview ( 6 min )

BlackBerry PlayBook Security – Part One

No content preview ( 6 min )

A few notes on usefully exploiting libstagefright on Android 5.x

No content preview ( 7 min )

Batten down the hatches: Cyber threats facing DP operations

No content preview ( 6 min )

CyberVillainsCA

No content preview ( 6 min )

44CON Workshop – How to assess and secure iOS apps

No content preview ( 6 min )

Abusing Blu-ray Players Part 1 – Sandbox Escapes

No content preview ( 10 min )

Browser Extension Password Managers

No content preview ( 6 min )

Best practices with BYOD

No content preview ( 6 min )

Black Hat 2013 – Bluetooth Smart Presentation Available

No content preview ( 6 min )

Archived Technical Advisories

No content preview ( 9 min )

Apple CoreAnimation Heap Overflow

No content preview ( 6 min )

A Survey of Istio’s Network Security Features

No content preview ( 24 min )

Check out our new Microcorruption challenges!

No content preview ( 6 min )

Assessing IIS Configuration Remotely

No content preview ( 6 min )

Announcing NCC Group’s Cryptopals Guided Tour: Set 2

No content preview ( 9 min )

10 real-world stories of how we’ve compromised CI/CD pipelines

No content preview ( 15 min )

Advice for security decision makers contemplating the value of Antivirus

No content preview ( 7 min )

CloudWatch: Amazon Web Services & Shellshock

No content preview ( 8 min )

Apple Mac OS X ImageIO TIFF Integer Overflow

No content preview ( 6 min )

Black Hat 2013 – Cryptopocalypse Presentation Available

No content preview ( 6 min )

Conference Talks – May 2021

No content preview ( 8 min )

AWS environment security assessment with Scout2

No content preview ( 6 min )

An offensive guide to the Authorization Code grant

No content preview ( 13 min )

Build Your Own Wi-Fi Mapping Drone Capability

No content preview ( 8 min )

Automated enumeration of email filtering solutions

No content preview ( 6 min )

Cisco ASA series part one: Intro to the Cisco ASA

No content preview ( 17 min )

Black Hat USA 2015 presentation: Broadcasting your attack-DAB security

No content preview ( 6 min )

Adobe Acrobat Reader XML Forms Data Format Buffer Overflow

No content preview ( 6 min )

Azucar

No content preview ( 6 min )

Cloud Security Presentation

No content preview ( 6 min )

Advanced Exploitation of Oracle PL/SQL Flaws

No content preview ( 6 min )

Anti Brute Force Resource Metering

No content preview ( 6 min )

Attacking the Windows Kernel (Black Hat Las Vegas 2007)

No content preview ( 6 min )

Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign

No content preview ( 11 min )

Android-SSL-TrustKiller

No content preview ( 6 min )

Compromising a Hospital Network for £118 (Plus Postage & Packaging)

No content preview ( 13 min )

Blind Return Oriented Programming

No content preview ( 8 min )

Combating Java Deserialisation Vulnerabilities with Look-Ahead Object Input Streams (LAOIS)

No content preview ( 6 min )

ASP.NET Security and the Importance of KB2698981 in Cloud Environments Threat Brief

No content preview ( 6 min )

Attacking Web Service Security: Message Oriented Madness, XML Worms and Web Service Security Sanity

No content preview ( 6 min )

Adobe flash sandbox bypass to navigate to local drives

No content preview ( 6 min )

Analysis of the Linux backdoor used in freenode IRC network compromise

No content preview ( 11 min )

ASE 12.5.1 datatype overflow

No content preview ( 6 min )

Bypassing Android’s Network Security Configuration

No content preview ( 9 min )

Cisco ASA series part eight: Exploiting the CVE-2016-1287 heap overflow over IKEv1

No content preview ( 32 min )

Black Hat Europe 2013 Andy Davis: To dock or not to dock…

No content preview ( 6 min )

Assessing the security and privacy of Vaccine Passports

No content preview ( 14 min )

Call Map: A Tool for Navigating Call Graphs in Python

No content preview ( 6 min )

Cracking Random Number Generators using Machine Learning – Part 2: Mersenne Twister

No content preview ( 25 min )

Chafer backdoor analysis

No content preview ( 10 min )

A Simple and Practical Approach to Input Validation

No content preview ( 6 min )

A Back-to-Front TrueCrypt Recovery Story: The Plaintext is the Ciphertext

No content preview ( 14 min )

Decoding network data from a Gh0st RAT variant

No content preview ( 8 min )

BlackBerry Link WebDav Server Bound to the BlackBerry VPN Adapter

No content preview ( 6 min )

Decoder Improved Burp Suite Plugin

No content preview ( 6 min )

AutoRepeater: Automated HTTP Request Repeating With Burp Suite

No content preview ( 6 min )

An adventure in PoEKmon NeutriGo land

No content preview ( 7 min )

CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation

No content preview ( 6 min )

Are you oversharing (in Salesforce)? Our new tool could sniff it out!

No content preview ( 9 min )

Chrome Password Manager Cross Origin Weakness

No content preview ( 8 min )

Cisco ASA series part five: libptmalloc gdb plugin

No content preview ( 11 min )

cisco-SNMP-enumeration

No content preview ( 6 min )

Analysing a recent Poison Ivy sample

No content preview ( 11 min )

Accessing Private Fields Outside of Classes in Java

No content preview ( 6 min )

Attacks on SSL

No content preview ( 6 min )

Building Security In: Software Penetration Testing

No content preview ( 6 min )

Command Injection in XML Signatures and Encryption

No content preview ( 6 min )

5G security – how to minimise the threats to a 5G network

No content preview ( 25 min )

D-LINK DIR-850L web admin interface vulnerable to stack-based buffer overflow

No content preview ( 6 min )

Conference Talks – January 2020

No content preview ( 7 min )

DataArmor Full Disk Encryption 3.0.12c – Restricted Environment breakout, Privilege Escalation and Full Disk Decryption

No content preview ( 10 min )

CECSTeR

No content preview ( 6 min )

Creating Arbitrary Shellcode In Unicode Expanded Strings

No content preview ( 6 min )

Conference Talks – September 2021

No content preview ( 7 min )

Authorisation

No content preview ( 6 min )

Advanced SQL Injection in SQL Server Applications

No content preview ( 6 min )

Conference Talks – October 2021

No content preview ( 8 min )

Automating extraction from malware and recent campaign analysis

No content preview ( 6 min )

Common Flaws of Distributed Identity and Authentication Systems

No content preview ( 6 min )

Breaking Pedersen Hashes in Practice

No content preview ( 18 min )

Apple OSX/iPhone iOS ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow

No content preview ( 8 min )

Decrypting OpenSSH sessions for fun and profit

No content preview ( 10 min )

Android SSL Bypass

No content preview ( 6 min )

Common Security Issues in Financially-Oriented Web Applications

No content preview ( 6 min )

Cross Site Request Forgery: An Introduction to a Common Web Application Weakness

No content preview ( 6 min )

Conference Talks – November 2021

No content preview ( 12 min )

D0nut encrypt me, I have a wife and no backups

No content preview ( 12 min )

Adventures in Xen Exploitation

No content preview ( 28 min )

An Adaptive-Ciphertext Attack Against “I ⊕ C” Block Cipher Modes With an Oracle

No content preview ( 6 min )

DDoS Common Approaches and Failings

No content preview ( 6 min )

Conference Talks – June 2022

No content preview ( 8 min )

Cisco ASA series part two: Static analysis & datamining of Cisco ASA firmware

No content preview ( 17 min )

Android Cloud Backup/Restore

No content preview ( 6 min )

An Introduction to Fault Injection (Part 1/3)

No content preview ( 11 min )

BlackBerry PlayBook Security – Part Two – BlackBerry Bridge

No content preview ( 6 min )

Content Security Policies and Popular CMS Systems

No content preview ( 9 min )

Critical Risk Vulnerability in Ingres (Pointer Overwrite 1)

No content preview ( 7 min )

Business Insights: Cyber Security in the Financial Sector

No content preview ( 6 min )

Conference Talks – September 2020

No content preview ( 7 min )

creep-web-app-scanner

No content preview ( 6 min )

Back Office Web Administration Authentication Bypass

No content preview ( 6 min )

Bit51 Better Security WP Security Plugin – Unauthenticated Stored XSS to RCE

No content preview ( 7 min )

C Language Standards Update – Zero-size Reallocations are Undefined Behavior

No content preview ( 7 min )

Creating a Safer OAuth User Experience

No content preview ( 6 min )

Cleaning Up After Cookies

No content preview ( 5 min )

Cyber Security of New Space Paper

No content preview ( 6 min )

Compromising Apache Tomcat via JMX access

No content preview ( 19 min )

Building Intuition for Lattice-Based Signatures – Part 2: Fiat-Shamir with Aborts

No content preview ( 14 min )

Cracking RDP NLA Supplied Credentials for Threat Intelligence

No content preview ( 8 min )

Conference Talks – October 2020

No content preview ( 12 min )

Demystifying Multivariate Cryptography

No content preview ( 20 min )

Conference Talks – December 2021

No content preview ( 10 min )

Cisco ASA series part seven: Checkheaps

No content preview ( 30 min )

Curve9767 and Fast Signature Verification

No content preview ( 14 min )

Conference Talks – February 2020

No content preview ( 8 min )

A New Flying Kitten?

No content preview ( 8 min )

Automated Reverse Engineering of Relationships Between Data Structures in C++ Binaries

No content preview ( 6 min )

Conti-nuation: methods and techniques observed in operations post the leaks

No content preview ( 9 min )

DECTbeacon

No content preview ( 6 min )

CertPortal: Building Self-Service Secure S/MIME Provisioning Portal

No content preview ( 10 min )

Decoder Improved Burp Suite plugin release part one

No content preview ( 8 min )

D-Link routers vulnerable to Remote Code Execution (RCE)

No content preview ( 6 min )

Cranim: A Toolkit for Cryptographic Visualization

No content preview ( 7 min )

Cyber Security in UK Agriculture

No content preview ( 6 min )

Critical Risk Vulnerability in SAP DB Web Server (Stack Overflow)

No content preview ( 8 min )

Cisco ASA series part four: dlmalloc-2.8.x, libdlmalloc, & dlmalloc on Cisco ASA

No content preview ( 40 min )

BlackHat Asia USB Physical Access

No content preview ( 6 min )

Common Insecure Practices with Configuring and Extending Salesforce

No content preview ( 11 min )

Data-mining with SQL Injection and Inference

No content preview ( 6 min )

Choosing the Right MCU for Your Embedded Device — Desired Security Features of Microcontrollers

No content preview ( 19 min )

Demystifying Cobalt Strike’s “make_token” Command

No content preview ( 13 min )

Denial of Service in Parsing a URL by ierutil.dll

No content preview ( 6 min )

Conference Talks – February/March 2021

No content preview ( 7 min )

Cracking Random Number Generators using Machine Learning – Part 1: xorshift128

No content preview ( 19 min )

CowCloud

No content preview ( 7 min )

Cyber Essentials Scheme

No content preview ( 6 min )

Content Security Policies Best Practices

No content preview ( 6 min )

Conference Talks – March 2022

No content preview ( 9 min )

DARPA OnStar Vulnerability Analysis

No content preview ( 7 min )

Buffer Underruns, DEP, ASLR and improving the Exploitation Prevention Mechanisms (XPMs) on the Windows platform

No content preview ( 6 min )

DeLux Edition: Getting root privileges on the eLux Thin Client OS

No content preview ( 8 min )

Database Servers on Windows XP and the unintended consequences of simple file sharing

No content preview ( 6 min )

Cisco ASA series part six: Cisco ASA mempools

No content preview ( 24 min )

Demystifying AWS’ AssumeRole and sts:ExternalId

No content preview ( 10 min )

Critical Risk Vulnerability in SAP Message Server (Heap Overflow)

No content preview ( 7 min )

CVE-2019-1405 and CVE-2019-1322 – Elevation to SYSTEM via the UPnP Device Host Service and the Update Orchestrator Service

No content preview ( 12 min )

Derusbi: A Case Study in Rapid Capability Development

No content preview

Detection Engineering for Kubernetes clusters

No content preview

Detecting Rclone – An Effective Tool for Exfiltration

No content preview

Detecting Karakurt – an extortion focused threat actor

No content preview

Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study

No content preview

Detecting anomalous Vectored Exception Handlers on Windows

No content preview

Distributed Ledger (Blockchain) Security and Quantum Computing Implications

No content preview

Dissecting social engineering attacks

No content preview

Disclosure Policy

No content preview

DIBF – Updated

No content preview

Don’t throw a hissy fit; defend against Medusa

No content preview

Domestic IoT Nightmares: Smart Doorbells

No content preview

Does TypeScript Offer Security Improvements Over JavaScript?

No content preview

Do not use your AWS root account

No content preview

DNS Pinning and Web Proxies

No content preview

Drones: Detect, Identify, Intercept, and Hijack

No content preview

Double-odd Elliptic Curves

No content preview

dotnetpefuzzing

No content preview

dotnetpaddingoracle

No content preview

Early CCS Attack Analysis

No content preview

E-mail Spoofing and CDONTS.NEWMAIL

No content preview

Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571)

No content preview

Drupal Vulnerability

No content preview

eBook – Planning a robust incident response process

No content preview

eBook – Do you know how your organisation would react in a real-world attack scenario?

No content preview

EasyDA – Easy Windows Domain Access Script

No content preview

easyda

No content preview

Embedded Device Security Certifications

No content preview

Elephant in the Boardroom Survey 2016

No content preview

EDIDFuzzer

No content preview

eBook: Breach notification under GDPR – How to communicate a personal data breach

No content preview

Enterprise-scale seamless onboarding and deployment of Azure Sentinel using Lighthouse for multi-tenant environments

No content preview

Endpoint connectivity

No content preview

End-of-life pragmatism

No content preview

Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm

No content preview

Encryption at rest: Not the panacea to data protection

No content preview

Emissary Panda – A potential new malicious tool

No content preview

Ethics in Security Testing

No content preview

EternalGlue part one: Rebuilding NotPetya to assess real-world resilience

No content preview

Estimating the Bit Security of Pairing-Friendly Curves

No content preview

Erlang Security 101

No content preview

Enumerating System Management Interrupts

No content preview

Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks

No content preview

Exploit mitigations: keeping up with evolving and complex software/hardware

No content preview

Experiments in Extending Thinkst Canary – Part 1

No content preview

Exception Handling and Data Integrity in Salesforce

No content preview

Eurocrypt 2023: Death of a KEM

No content preview

Exploiting PL/SQL Injection Flaws with only CREATE SESSION Privileges

No content preview

Exploiting Noisy Oracles with Bayesian Inference

No content preview

Exploiting CVE-2015-2426, and How I Ported it to a Recent Windows 8.1 64-bit

No content preview

Exploiting CVE-2014-0282 (1)

No content preview

Exploiting CVE-2014-0282

No content preview

Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE-2015-0057) bug on both 32-bit and 64-bit

No content preview

Exploiting Security Gateways Via Web Interfaces

No content preview

Exploiting Samba CVE-2015-0240 on Ubuntu 12.04 and Debian 7 32-bit

No content preview

Exploiting Rich Content

No content preview

Exploring Prompt Injection Attacks

No content preview

Exploring Overfitting Risks in Large Language Models

No content preview

Exploring macOS Calendar Alerts: Part 2 – Exfiltrating data (CVE-2020-3882)

No content preview

Exploring macOS Calendar Alerts: Part 1 – Attempting to execute code

No content preview

Exploring DeepFake Capabilities & Mitigation Strategies with University College London

No content preview

Extending a Thinkst Canary to become an interactive honeypot

No content preview

Exporting non-exportable RSA keys

No content preview

Exploring Verifiable Random Functions in Code

No content preview

Exploring the Security & Privacy of Canada’s Digital Proof of Vaccination Programs

No content preview

Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record

No content preview

Extractor

No content preview

Extracting the Payload from a CVE-2014-1761 RTF Document

No content preview

External Enumeration and Exploitation of Email and Web Security Solutions

No content preview

Finding and Exploiting .NET Remoting over HTTP using Deserialisation

No content preview

File Fuzzers

No content preview

Faux Disk Encryption: Realities of Secure Storage On Mobile Devices

No content preview

Fat-Finger

No content preview

Fix Bounty

No content preview

Five Essential Machine Learning Security Papers

No content preview

firstexecution

No content preview

Firmware Rootkits: The Threat to the Enterprise

No content preview

Finding the weak link in binaries

No content preview

Forensic Fuzzing Tools

No content preview

Flubot: the evolution of a notorious Android Banking Malware

No content preview

Flash security restrictions bypass: File upload by URLRequest

No content preview

Flash local-with-filesystem Bypass in navigateToURL

No content preview

From CSV to CMD to qwerty

No content preview

FrisbeeLite

No content preview

Freddy: An extension for automatically identifying deserialisation issues in Java and .NET applications

No content preview

FPGAs: Security Through Obscurity?

No content preview

Fuzzing the Easy Way Using Zulu (1)

No content preview

Fuzzing the Easy Way Using Zulu

No content preview

Fuzzing RTSP to discover an exploitable vulnerability in VLC

No content preview

Fuzzbox

No content preview

From ERMAC to Hook: Investigating the technical differences between two Android malware variants

No content preview

General Data Protection Regulation – are you ready?

No content preview

Game Security

No content preview

G-Scout

No content preview

Fuzzing USB devices using Frisbee Lite

No content preview

Ghidra nanoMIPS ISA module

No content preview

Getting Shell with XAMLX Files

No content preview

Getting per-user Conditional Access MFA status in Azure

No content preview

General Data Protection Regulation: Knowing your data

No content preview

grepify

No content preview

Going “AUTH the Rails” on a Crazy Train

No content preview

Gizmo

No content preview

Ghost Vulnerability (CVE-2015-0235)

No content preview

Hacking the Extensible Firmware Interface

No content preview

Hacking Displays Made Interesting

No content preview

Hacking Appliances: Ironic exploits in security products

No content preview

Hacking a web application

No content preview

Grepify – a Small Tool for Code Reviewers

No content preview

Harnessing GPUs Building Better Browser Based Botnets

No content preview

Hardware & Embedded Systems: A little early effort in security can return a huge payoff

No content preview

Hackproofing Oracle Application Server

No content preview

Hackproofing MySQL

No content preview

Helping Engineering Teams Tackle Security Debt in Embedded Systems: U-Boot Configuration Auditing Introduced in Depthcharge v0.2.0

No content preview

Heartbleed OpenSSL vulnerability

No content preview

Heartbleed (CVE-2014-0160) Advisory

No content preview

HDMI Ethernet Channel

No content preview

HDMI – Hacking Displays Made Interesting

No content preview

hostresolver

No content preview

HITB Phuket 2023 – Exploiting the Lexmark PostScript Stack

No content preview

HIDDEN COBRA Volgmer: A Technical Analysis

No content preview

Hiccupy

No content preview

How to Backdoor Diffie-Hellman

No content preview

How much training should staff have on cyber security?

No content preview

How cryptography is used to monitor the spread of COVID-19

No content preview

House

No content preview

How we breach network infrastructures and protect them

No content preview

How to Spot and Prevent an Eclipse Attack

No content preview

How To Spot a Penetration Tester in Your Network (and Catch the Real Bad Guys at the Same Time)

No content preview

How to protect yourself & your organisation from phishing attacks

No content preview

IAM user management strategy

No content preview

Hunting SQL Injection Bugs

No content preview

HTTP Profiler

No content preview

How-to: Importing WStalker CSV (and more) into Burp Suite via Import to Sitemap Extension

No content preview

How will GDPR impact your communications?

No content preview

IETF Draft: Indicators of Compromise and Their Role in Attack and Defen[c|s]e

No content preview

ICS/OT Security & the evolution of the Purdue Model: Integrating Industrial and Business Networks

No content preview

IAX Voice Over-IP Security

No content preview

IAM user management strategy (part 2)

No content preview

Implementing and Detecting a PCI Rootkit

No content preview

Impersonating Gamers With GPT-2

No content preview

Impact of DNS over HTTPS (DoH) on DNS Rebinding Attacks

No content preview

Immunity Debugger Buffer Overflow

No content preview

Image IO Memory Corruption

No content preview

Improving your Network and Application Assurance Strategy in an environment of increasing 0day vulnerabilities

No content preview

Improving Your Embedded Linux Security Posture With Yocto

No content preview

Impress Pages CMS Remote Code Execution

No content preview

Implementing the Castryck-Decru SIDH Key Recovery Attack in SageMath

No content preview

Integrating DigitalOcean into ScoutSuite

No content preview

Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes

No content preview

Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass

No content preview

In-depth analysis of the new Team9 malware family

No content preview

Intent Fuzzer

No content preview

Intel® Software Guard Extensions (SGX): A Researcher’s Primer

No content preview

Intel BIOS Advisory – Memory Corruption in HID Drivers

No content preview

Integrity destroying malicious code for financial or geopolitical gain: A vision of the future?

No content preview

Interfaces.d to RCE

No content preview

Inter-Protocol Exploitation

No content preview

Inter-Protocol Communication

No content preview

Intent Sniffer

No content preview

Introducing idb-Simplified Blackbox iOS App Pentesting

No content preview

Introducing Chuckle and the Importance of SMB Signing

No content preview

Introducing Azucar

No content preview

Internet of Things Security

No content preview

IODIDE

No content preview

Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)

No content preview

Introspy for Android

No content preview

Introduction to AWS Attribute-Based Access Control

No content preview

Introduction to Anti-Fuzzing: A Defence in Depth Aid

No content preview

iOS Instrumentation Without Jailbreak

No content preview

iOS certificate pinning code updated for iOS 7

No content preview

iOS 7 tool updates

No content preview

iOS 7 arbitrary code execution in kernel mode

No content preview

IP-reputation-snort-rule-generator

No content preview

iOS User Enrollment and Trusted Certificates

No content preview

iOS SSL Killswitch

No content preview

iOS MobileSlideShow USB Image Class arbitrary code execution.txt

No content preview

iSEC Partners Releases SSLyze

No content preview

iSEC Engages in TrueCrypt Audit

No content preview

iSEC Completes TrueCrypt Audit

No content preview

iSEC audit of MediaWiki

No content preview

Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group

No content preview

Jackson Deserialization Vulnerabilities

No content preview

Ivanti Zero Day – Threat Actors observed leveraging CVE-2021-42278 and CVE-2021-42287 for quick privilege escalation to Domain Admin

No content preview

ISM RAT

No content preview

iSEC reviews SecureDrop

No content preview

Kubernetes Security: Consider Your Threat Model

No content preview

Java RMI Registry.bind() Unvalidated Deserialization

No content preview

Jailbreak, updated and open-sourced

No content preview

Jailbreak

No content preview

LAPSUS$: Recent techniques, tactics and procedures

No content preview

lapith

No content preview

Kivlad

No content preview

Kerberos Resource-Based Constrained Delegation: When an Image Change Leads to a Privilege Escalation

No content preview

Java Web Start File Inclusion via System Properties Override

No content preview

LeaPFRogging PFR Implementations

No content preview

LDAPFragger: Bypassing network restrictions using LDAP attributes

No content preview

Launching the first in our series of Research Insights

No content preview

Latest threats to the connected car & intelligent transport ecosystem

No content preview

LibAVCodec AMV Out of Array Write

No content preview

Lessons learned from 50 USB bugs

No content preview

Lessons learned from 50 bugs: Common USB driver vulnerabilities

No content preview

Lending a hand to the community – Covenant v0.7 Updates

No content preview

Local network compromise despite good patching

No content preview

Live Incident Blog: June Global Ransomware Outbreak

No content preview

libtalloc: A GDB plugin for analysing the talloc heap

No content preview

Low Cost Attacks on Smart Cards – The Electromagnetic Side-Channel

No content preview

Logs, Logs, the Audit Trail – Features of a Successful Log Management Solution

No content preview

Login Service Security

No content preview

log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228

No content preview

Machine Learning 103: Exploring LLM Code Generation

No content preview

Lumension Device Control Remote Memory Corruption

No content preview

Lumension Device Control (formerly Sanctuary) remote memory corruption

No content preview

LTair: The LTE Air Interface Tool

No content preview

Machine learning from idea to reality: a PowerShell case study

No content preview

Machine Learning for Static Analysis of Malware – Expansion of Research Scope

No content preview

Machine Learning 104: Breaking AES With Power Side-Channels

No content preview

Manifest Explorer

No content preview

Managing PowerShell in a modern corporate environment

No content preview

Managing Cyber Risk in the Supply Chain

No content preview

Man-in-the-Middling Non-Proxy Aware Wi-Fi Devices with a Pineapple

No content preview

McAfee Email and Web Security Appliance Active session tokens of other users are disclosed within the UI

No content preview

Mature Security Testing Framework

No content preview

Maritime Cyber Security: Threats and Opportunities

No content preview

McAfee Email and Web Security Appliance Reflective XSS allowing an attacker to gain session tokens

No content preview

McAfee Email and Web Security Appliance Password hashes can be recovered from a system backup and easily cracked

No content preview

McAfee Email and Web Security Appliance Arbitrary file download is possible with a crafted URL, when logged in as any user

No content preview

McAfee Email and Web Security Appliance Any logged-in user can bypass controls to reset passwords of other administrators

No content preview

McAfee Email and Web Security Appliance v5.6 – Password hashes can be recovered from a system backup and easily cracked

No content preview

McAfee Email and Web Security Appliance v5.6 – Any logged-in user can bypass controls to reset passwords of other administrators

No content preview

McAfee Email and Web Security Appliance v5.6 – Active session tokens of other users are disclosed within the UI

No content preview

McAfee Email and Web Security Appliance Session hijacking and bypassing client-side session timeouts

No content preview

Medium Risk Vulnerability in Symantec Network Access Control

No content preview

Medium Risk Vulnerability in Symantec Enterprise Security Management

No content preview

Medical Devices: A Hardware Security Perspective

No content preview

McAfee Email and Web Security Appliance v5.6 – Session hijacking (and bypassing client-side session timeouts)

No content preview

metasploitavevasion

No content preview

Mergers & Acquisitions (M&A) cyber security due diligence

No content preview

Memory Scanning for the Masses

No content preview

Memory Gap

No content preview

Microsoft SQL Server Passwords

No content preview

Microsoft Office Memory Corruption Vulnerability

No content preview

Microsoft Internet Explorer CMarkup Use-After-Free

No content preview

Microsoft announces the WMIC command is being retired, Long Live PowerShell

No content preview

Mobile & web browser credential management: Security implications, attack cases & mitigations

No content preview

Mining data from Cobalt Strike beacons

No content preview

Microsoft’s SQL Server vs. Oracle’s RDBMS

No content preview

Microsoft Zero-Day Vulnerability – OLE2Link – Threat Intelligence and Signatures

No content preview

MSSQL Lateral Movement

No content preview

More Advanced SQL Injection

No content preview

Mobile World Congress – Mobile Internet of Things

No content preview

Mobile apps and security by design

No content preview

Multiple Format String Injections in AFFLIB

No content preview

Multiple Cisco CSS / ACE Client Certificate and HTTP Header

No content preview

Multiple Buffer Overflows Discovered in AFFLIB

No content preview

My Hash is My Passport: Understanding Web and Mobile Authentication

No content preview

Multiple Vulnerabilities in MailEnable

No content preview

Multiple Shell Metacharacter Injections in AFFLIB

No content preview

Multiple security vulnerabilities in SAP NetWeaver BSP Logon

No content preview

Nagios XI Network Monitor Blind SQL Injection

No content preview

Nagios XI Network Monitor – OS Command Injection

No content preview

My name is Matt – My voice is my password

No content preview

NCC CON Europe 2017

No content preview

NCC Con Europe 2016

No content preview

Nagios XI Network Monitor Stored and Reflected XSS

No content preview

NCC Group Malware Technical Note

No content preview

NCC Group co-signs the Electronic Frontier Foundation’s Statement on DMCA Use Against Security Researchers

No content preview

NCC Con Europe 2022 – Pwn2Own Austin Presentations

No content preview

NCC Group’s 2020 Annual Research Report

No content preview

NCC Group researchers named amongst MSRC’s Most Valuable Security Researchers in 2020

No content preview

NCC Group Research at Black Hat USA 2022 and DEF CON 30

No content preview

NCC Group Research at Black Hat USA 2021 and DEF CON 29

No content preview

NCC Group placed first in global 5G Cyber Security Hack competition

No content preview

NCC Group’s 2021 Annual Research Report

No content preview

NCC Group’s Upcoming Trainings at Black Hat USA 2021

No content preview

NCC Group’s Juan Garrido named to Microsoft’s MSRC Office Security Researcher Leaderboard

No content preview

NCC Group’s Jeremy Boone recognized for Highest Quality and Most Eligible Reports through the Intel Circuit Breaker program

No content preview

Nessus Authenticated Scan – Local Privilege Escalation

No content preview

Nerve

No content preview

ncccodenavi

No content preview

NCC Group’s 2022 & 2023 Research Report

No content preview

NIST Selects Post-Quantum Algorithms for Standardization

No content preview

New Sources of Microsoft Office Metadata – Tool Release MetadataPlus

No content preview

New Attack Vectors and a Vulnerability Dissection of MS03-007

No content preview

Network Attached Security: Attacking a Synology NAS

No content preview

Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT 2000 XP

No content preview

Non-flood/non-volumetric Distributed Denial of Service (DDoS)

No content preview

Non-Deterministic Nature of Prompt Injection

No content preview

Non Obvious PE Parsers – The .NET runtime – Part 1

No content preview

On the malicious use of large language models like GPT-3

No content preview

On Multiplications with Unsaturated Limbs

No content preview

On Linux’s Random Number Generation

No content preview

NX Server for Linux Arbitrary Files can be read with root privileges

No content preview

NSA & CISA Kubernetes Security Guidance – A Critical Review

No content preview

Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly

No content preview

Optimizing Pairing-Based Cryptography: Montgomery Arithmetic in Rust

No content preview

Open Banking: Security considerations & potential risks

No content preview

On the Use of Pedersen Commitments for Confidential Payments

No content preview

Oracle E-Business Suite Pre-Auth SQLi with DBA Privileges

No content preview

Oracle 11g TNS listener remote Null Pointer Dereference

No content preview

Oracle 11g TNS listener remote Invalid Pointer Read

No content preview

Optimum Routers: Researching Managed Routers

No content preview

Oracle Forensics Part 5: Finding Evidence of Data Theft in the Absence of Auditing

No content preview

Oracle Forensics Part 4: Live Response

No content preview

Oracle Forensics Part 3: Isolating Evidence of Attacks Against the Authentication Mechanism

No content preview

Oracle Forensics Part 2: Locating Dropped Objects

No content preview

Oracle Forensics Part 1: Dissecting the Redo Logs

No content preview

Oracle Java Installer Adds a System Path Which is Writable by All

No content preview

Oracle Hyperion 11 Directory Traversal

No content preview

Oracle Gridengine sgepasswd Buffer Overflow

No content preview

Oracle Forensics Part 7 Using the Oracle System Change Number in Forensic Investigations

No content preview

Oracle Forensics Part 6: Examining Undo Segments, Flashback and the Oracle Recycle Bin

No content preview

Order Details Screens and PII

No content preview

Oracle Retail Invoice Manager SQL Injection

No content preview

Oracle Retail Integration Bus Manager Directory Traversal

No content preview

Oracle Passwords and OraBrute

No content preview

Overview of Modern Memory Security Concerns

No content preview

osquery Application Security Assessment Public Report

No content preview

OS X Lion USB Hub Class Descriptor Arbitrary Code Execution

No content preview

OS X 10.6.6 Camera Raw Library Memory Corruption

No content preview

Password and brute-force mitigation policies

No content preview

Owning the Virgin Media Hub 3.0: The perfect place for a backdoor

No content preview

OSX afpserver remote code execution

No content preview

Pairing over BLS12-381, Part 2: Curves

No content preview

Pairing over BLS12-381, Part 1: Fields

No content preview

Padding the struct: How a compiler optimization can disclose stack memory

No content preview

Package Play

No content preview

Passive Decryption of Ethereum Peer-to-Peer Traffic

No content preview

Paradoxical Compression with Verifiable Delay Functions

No content preview

Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often

No content preview

Pairing over BLS12-381, Part 3: Pairing!

No content preview

PDF Form Filling and Flattening Tool Buffer Overflow

No content preview

Payment Card Industry Data Security Standard (PCI DSS) A Navigation and Explanation of Changes from v2.0 to v3.0

No content preview

Passive Information Gathering – The Analysis of Leaked Network Security Information

No content preview

PhanTap (Phantom Tap): Making networks spookier one packet at a time

No content preview

Perfect Forward Security

No content preview

Peeling back the layers on defence in depth…knowing your onions

No content preview

PeachFarmer

No content preview

Poison Ivy string decryption

No content preview

Pip3line

No content preview

Phishing Stories

No content preview

Phishing Mitigations: Configuring Microsoft Exchange to Clearly Identify External Emails

No content preview

Pointer Sequence Reverser (PSR)

No content preview

POC2021 – Pwning the Windows 10 Kernel with NTFS and WNF Slides

No content preview

Pip3line – The Swiss Army Knife of Byte Manipulation

No content preview

Post-quantum cryptography overview

No content preview

Post-exploiting a compromised etcd – Full control over the cluster and its nodes

No content preview

Porting the Misfortune Cookie Exploit: A Look into Router Exploitation Using the TD-8817

No content preview

port-scan-automation

No content preview

Practical SME security on a shoestring

No content preview

Practical Machine Learning for Random (Filename) Detection

No content preview

Potential false redirection of web site content in Internet in SAP NetWeaver web applications

No content preview

Premium Practical Law Content Gateway(2)

No content preview

Premium Practical Law Content Gateway

No content preview

Premium Content Gateway

No content preview

Private sector cyber resilience and the role of data diodes

No content preview

Principal Mapper (pmapper)

No content preview

Preparing for Cyber Battleships – Electronic Chart Display and Information System Security

No content preview

Premium Security Content Gateway

No content preview

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 2: Going off on a Tangent – AI/ML Applications in Social Engineering

No content preview

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 10: Efficacy Demonstration, Project Conclusion and Next Steps

No content preview

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 1: Understanding the Basics and What Platforms and Frameworks Are Available

No content preview

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 8: Development of Prototype #4 – Building on Takaesu’s Approach with Focus on XSS

No content preview

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 6: Development of Prototype #2 – Creating a SQLi PoC

No content preview

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 4: Architecture and Design

No content preview

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 3: Understanding Existing Approaches and Attempts

No content preview

Properly Signed Certificates on CPE Devices

No content preview

Project Triforce: Run AFL on Everything!

No content preview

Project Bishop: Clustering Web Pages

No content preview

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 9: Adventures with Expert Systems

No content preview

PRTG Network Monitor Command injection

No content preview

Proxy Re-Encryption Protocol: IronCore Public Report

No content preview

ProxMon

No content preview

Protecting stored cardholder data (an unofficial supplement to PCI DSS V3.0)

No content preview

Public Report – Android Cloud Backup/Restore

No content preview

Public Report – Filecoin Bellman and BLS Signatures Cryptographic Review

No content preview

Public Report – Coda Cryptographic Review

No content preview

Public cloud

No content preview

Public Report – Dell Secured Component Verification

No content preview

Public Report – Confidential Space Security Review

No content preview

Public Report – Confidential Mode for Hyperdisk – DEK Protection Analysis

No content preview

Public Report – Caliptra Security Assessment

No content preview

Public Report – BLST Cryptographic Implementation Review

No content preview

Public Report – Google Privacy Sandbox Aggregation Service and Coordinator

No content preview

Public Report – Google Enterprise API Security Assessment

No content preview

Public Report – go-cose Security Assessment

No content preview

Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review

No content preview

Public Report – Lantern and Replica Security Assessment

No content preview

Public Report – Kubernetes 1.24 Security Audit

No content preview

Public Report – Keyfork Implementation Review

No content preview

Public Report – IOV Labs powHSM Security Assessment

No content preview

Public Report – Penumbra Labs R1CS Implementation Review

No content preview

Public Report – Penumbra Labs Decaf377 Implementation and Poseidon Parameter Selection Review

No content preview

Public Report – O(1) Labs Mina Client SDK, Signature Library and Base Components Cryptography and Implementation Review

No content preview

Public Report – Matrix Olm Cryptographic Review

No content preview

Public Report – Security Review of RSA Blind Signatures with Public Metadata

No content preview

Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review

No content preview

Public Report – Qredo Apache Milagro MPC Cryptographic Assessment

No content preview

Public Report – Protocol Labs Groth16 Proof Aggregation: Cryptography and Implementation Review

No content preview

Public Report – Pixel 4/4XL and Pixel 4a ioXt Audit

No content preview

Public Report – WhatsApp Auditable Key Directory (AKD) Implementation Review

No content preview

Public Report – VPN by Google One: Technical Security & Privacy Assessment

No content preview

Public Report – VPN by Google One Security Assessment

No content preview

Public Report – Threshold ECDSA Cryptography Review

No content preview

Public Report – Zcash Zebra Security Assessment

No content preview

Public Report – Zcash NU5 Cryptography Review

No content preview

Public Report – WhatsApp opaque-ke Cryptographic Implementation Review

No content preview

Public Report – WhatsApp End-to-End Encrypted Backups Security Assessment

No content preview

Public Report – Zcash FROST Security Assessment

No content preview

Public Report – Solana Program Library ZK-Token Security Assessment

No content preview

Public Report – Entropy/Rust Cryptography Review

No content preview

Public Report – Zendoo Proof Verifier Cryptography Review

No content preview

Public Report – AWS Nitro System API & Security Claims German

No content preview

Public Report – AWS Nitro System API & Security Claims French

No content preview

Public Report – AWS Nitro System API & Security Claims

No content preview

Public Report – Aleo snarkVM Implementation Review

No content preview

Public Report – AWS Nitro System API & Security Claims Italian

No content preview

Public Report: Aleo snarkOS Implementation and Consensus Mechanism Review

No content preview

Python Class Informer: an IDAPython plugin for viewing run-time type information (RTTI)

No content preview

pySimReader

No content preview

Puckungfu: A NETGEAR WAN Command Injection

No content preview

Public Report – AWS Nitro System API & Security Claims Spanish

No content preview

Ransomware: what organisations can do to survive

No content preview

Ransomware: How vulnerable is your system?

No content preview

Ragweed

No content preview

Quantum Cryptography – A Study Into Present Technologies and Future Applications

No content preview

Real World Cryptography Conference 2022

No content preview

Real World Cryptography Conference 2021: A Virtual Experience

No content preview

Readable Thrift (1)

No content preview

Readable Thrift

No content preview

Replicating CVEs with KLEE

No content preview

Remote Directory Traversal and File Retrieval

No content preview

Remote code execution in ImpressPages CMS

No content preview

Real World Cryptography Conference 2023 – Part I

No content preview

Research Insights Volume 3 – How are we breaking in: Mobile Security

No content preview

Research Insights Volume 2 – Defensive Trends

No content preview

Research Insights Volume 1 – Sector Focus: Financial Services

No content preview

Research Insights Volume 6: Common Issues with Environment Breakouts

No content preview

Research Insights Volume 5 – Sector Focus: Automotive

No content preview

Research Insights Volume 4 – Sector Focus: Maritime Sector

No content preview

Research Insights Volume 9 – Modern Security Vulnerability Discovery

No content preview

Research Insights Volume 8 – Hardware Design: FPGA Security Risks

No content preview

Research Insights Volume 7: Exploitation Advancements

No content preview

Research Report – Zephyr and MCUboot Security Assessment

No content preview

Research Paper – Recovering deleted data from the Windows registry

No content preview

Research Paper – Machine Learning for Static Malware Analysis, with University College London

No content preview

Revealing Embedded Fingerprints: Deriving Intelligence from USB Stack Interactions 2013

No content preview

Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions

No content preview

Return of the hidden number problem

No content preview

Retro Gaming Vulnerability Research: Warcraft 2

No content preview

Ricochet Security Assessment Public Report

No content preview

Reviewing Verifiable Random Functions

No content preview

Reverse Engineering Coin Hunt World’s Binary Protocol

No content preview

Reverse engineering and decrypting CyberArk vault credential files

No content preview

RIFT: Detection capabilities for recent F5 BIG-IP/BIG-IQ iControl REST API vulnerabilities CVE-2021-22986

No content preview

RIFT: Citrix ADC Vulnerabilities CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 Intelligence

No content preview

RIFT: Analysing a Lazarus Shellcode Execution Method

No content preview

Rigging the Vote: Uniqueness in Verifiable Random Functions

No content preview

RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 Intelligence

No content preview

RIFT: F5 CVE-2020-5902 and Citrix CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 honeypot data release

No content preview

Rise of the machines: Machine Learning & its cyber security applications

No content preview

Rise of the Sensors: Securing LoRaWAN Networks

No content preview

Ruling the rules

No content preview

RSA Conference – Mobile Threat War Room

No content preview

RokRat Analysis

No content preview

RM3 – Curiosities of the wildest banking malware

No content preview

Sakula: an adventure in DLL planting

No content preview

Ruxcon 2013 – Introspy Presentation Slides

No content preview

Rust for Security and Correctness in the embedded world

No content preview

RtspFuzzer

No content preview

Samba on the BlackBerry PlayBook

No content preview

Samba Andx Request Remote Code Execution

No content preview

Samba _netr_ServerPasswordSet Expoitability Analysis

No content preview

Salesforce Security with Remote Working

No content preview

Scenester – A Small Tool for Cross-Platform Web Application

No content preview

scenester

No content preview

SAML XML Injection

No content preview

SAML Pummel

No content preview

Secure Device Manufacturing: Supply Chain Security Resilience

No content preview

Secure Application Development on Facebook

No content preview

Second-Order Code Injection Attacks

No content preview

SCOMplicated? – Decrypting SCOM “RunAs” credentials

No content preview

SecureCisco

No content preview

SecureBigIP

No content preview

Secure Session Management With Cookies for Web Applications

No content preview

Secure Messaging for Normal People

No content preview

Secure Device Provisioning Best Practices: Heavy Truck Edition

No content preview

Securing Google Cloud Platform – Ten best practices

No content preview

SecureIE.ActiveX

No content preview

SecureCookies

No content preview

Securing the continuous integration process

No content preview

Securing Teradata Database

No content preview

Securing PL/SQL Applications with DBMS_ASSERT

No content preview

Security First Umbrella

No content preview

Security Considerations of zk-SNARK Parameter Multi-Party Computation

No content preview

Security Best Practice: Host Naming & URL Conventions

No content preview

Sharkbot is back in Google Play

No content preview

Setting a New Standard for Kubernetes Deployments

No content preview

Security of Things: An Implementers’ Guide to Cyber-Security for Internet of Things Devices and Beyond

No content preview

Security of Things: An Implementer’s Guide to Cyber Security for Internet of Things Devices and Beyond

No content preview

Shellshock Advisory

No content preview

Shell Arithmetic Expansion and Evaluation Abuse

No content preview

SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store

No content preview

Shocker

No content preview

Shining New Light on an Old ROM Vulnerability: Secure Boot Bypass via DCD and CSF Tampering on NXP i.MX Devices

No content preview

Shellshock Bash Vulnerability

No content preview

Signaturing an Authenticode anomaly with Yara

No content preview

Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures

No content preview

SIAM AG23: Algebraic Geometry with Friends

No content preview

SMACK, SKIP-TLS & FREAK SSL/TLS Vulnerabilities

No content preview

Slotting Security into Corporate Development

No content preview

Singularity of Origin

No content preview

Smuggling HTA files in Internet Explorer/Edge

No content preview

SmarterMail – Stored XSS in emails

No content preview

Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns

No content preview

Sobelow Update

No content preview

So long and thanks for all the 0day

No content preview

Sniffle: A Sniffer for Bluetooth 5

No content preview

Social Engineering

No content preview

Sobelow: Static analysis for the Phoenix Framework

No content preview

Software-Based Fault Injection Countermeasures (Part 2/3)

No content preview

Software Security Austerity Security Debt in Modern Software Development

No content preview

SOC maturity & capability

No content preview

Some Musings on Common (eBPF) Linux Tracing Bugs

No content preview

Solaris 11 USB hubclass

No content preview

Solaris 11 USB Hub Class descriptor kernel stack overflow

No content preview

Spectre and Meltdown: What you Need to Know

No content preview

Some Notes About the Xen XSA-122 Bug

No content preview

SSLyze v0.7 Released

No content preview

Spectre on a Television

No content preview

Spy-Pi: Do you trust your laptop docking stations?

No content preview

Squiz CMS File Path Traversal

No content preview

SSLyze v0.8

No content preview

SSL checklist for pentesters

No content preview

Stopping Automated Attack Tools

No content preview

State-of-the-art email risk

No content preview

StreamDivert: Relaying (specific) network connections

No content preview

Story of a Hundred Vulnerable Jenkins Plugins

No content preview

Symantec Backup Exec 2012 – Backup Exec Utility Stored XSS when adding Groups, Servers and Computers

No content preview

Supply Chain Security Begins with Secure Software Development

No content preview

Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability

No content preview

Symantec Backup Exec 2012 – OS version and service pack information leak

No content preview

Symantec Backup Exec 2012 – Linux Backup Agent Heap Overflow

No content preview

Symantec Backup Exec 2012 Backup/Restore Data Traverses Memory with Weak ACLs

No content preview

Symantec Backup Exec 2012 – Persistent XSS Vulnerability Affecting Custom Reports

No content preview

Symantec Message Filter Unauthenticated verbose software version information disclosure

No content preview

Symantec Message Filter Session Hijacking via session

No content preview

Symantec Messaging Gateway – Authenticated arbritary file download

No content preview

Symantec Messaging Gateway – Addition of a backdoor adminstrator via CSRF

No content preview

Symantec Messaging Gateway – Unauthenticated detailed version disclosure

No content preview

Symantec Messaging Gateway – Out of band stored XSS via email

No content preview

Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL (authenticated)

No content preview

Symantec Messaging Gateway – Unauthorised SSH access

No content preview

Symantec Messaging Gateway Out of band stored XSS delivered by email

No content preview

Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator (for example)

No content preview

Symantec PC Anywhere Remote Code Extecution

No content preview

Symantec Messaging Gateway SSH with backdoor user account + privilege escalation to root due to very old Kernel

No content preview

SysAid Helpdesk Pro – Blind SQL Injection

No content preview

SysAid Helpdesk blind SQL injection

No content preview

Sysinternals SDelete: When Secure Delete Fails

No content preview

SysAid Helpdesk stored XSS

No content preview

TA505: A Brief History Of Their Time

No content preview

TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access

No content preview

SysPWN – VR for Pwn2Own

No content preview

TANDBERG Video Communication Server Arbitrary File Retrieval

No content preview

Tales of Windows detection opportunities for an implant framework

No content preview

TANDBERG Video Communication Server Static SSH Host Keys

No content preview

TANDBERG Video Communication Server Authentication Bypass

No content preview

Technical Advisory – Apple HFS+ Information Disclosure Vulnerability

No content preview

tcpprox

No content preview

Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)

No content preview

Technical Advisory – Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability

No content preview

Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571)

No content preview

Technical Advisory – Arbitrary File Read in Dell Wyse Management Suite (CVE-2021-21586, CVE-2021-21587)

No content preview

Technical Advisory – Authorization Bypass Allows for Pinboard Corruption

No content preview

Technical Advisory – Authenticated SQL Injection in SOAP Request in Broadcom CA Network Flow Analysis (CVE-2021-44050)

No content preview

Technical Advisory – ARM MbedOS USB Mass Storage Driver Memory Corruption

No content preview

Technical Advisory – Bomgar Remote Support – Local Privilege Escalation

No content preview

Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks

No content preview

Technical Advisory – Coda Filesystem Kernel Memory Disclosure

No content preview

Technical Advisory – Citrix Access Gateway Command Injection Vulnerability

No content preview

Technical Advisory – ExpressLRS vulnerabilities allow for hijack of control link

No content preview

Technical Advisory – DelTek Vision – Arbitrary SQL Execution (SQLi)

No content preview

Technical Advisory – FUJITSU CentricStor Control Center <= V8.1 – Unauthenticated Command Injection ( CVE-2022-31794 and CVE-2022-31795)

No content preview

Technical Advisory – FreePBX – Multiple Authenticated SQL Injections in UCP application

No content preview

Technical Advisory – KwikTag Web Admin Authentication Bypass

No content preview

Technical Advisory – Garuda Linux Insecure User Creation (CVE-2021-3784)

No content preview

Technical Advisory – IBM TAM: Remote Directory Traversal and File Retrieval via web server plug-in

No content preview

Technical Advisory – HTC IQRD Android Permission Leakage

No content preview

Technical Advisory – Kwikset/Weiser BLE Proximity Authentication in Kevo Smart Locks Vulnerable to Relay Attacks

No content preview

Technical Advisory – IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks

No content preview

Technical Advisory – Lenovo ImController Local Privilege Escalation (CVE-2021-3922, CVE-2021-3969)

No content preview

Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)

No content preview

Technical Advisory – Linux RDS Protocol Local Privilege Escalation

No content preview

Technical Advisory – libraptor – XXE in RDF/XML File Interpretation

No content preview

Technical Advisory – New York State Excelsior Pass Vaccine Passport Credential Forgery

No content preview

Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505)

No content preview

Technical Advisory – macOS Installer Local Root Privilege Escalation (CVE-2020-9817)

No content preview

Technical Advisory – OpenOffice.org Multiple Memory Corruption Vulnerabilities

No content preview

Technical Advisory – Nullsoft Scriptable Installer System (NSIS) – Insecure Temporary Directory Usage

No content preview

Technical Advisory – New York State Excelsior Pass Vaccine Passport Scanner App Sends Data to a Third Party not Specified in Privacy Policy

No content preview

Technical Advisory – ParcelTrack sends all pasteboard data to ParcelTrack’s servers on startup

No content preview

Technical Advisory – Open5GS Stack Buffer Overflow During PFCP Session Establishment on UPF (CVE-2021-41794)

No content preview

Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)

No content preview

Technical Advisory – Pulse Connect Secure – RCE via Template Injection (CVE-2020-8243)

No content preview

Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)

No content preview

Technical Advisory – play-pac4j Authentication rule bypass

No content preview

Technical Advisory – SonicWall SMA 100 Series – Multiple Unauthenticated Heap-based and Stack-based Buffer Overflow (CVE-2021-20045)

No content preview

Technical Advisory – SonicWall SMA 100 Series – Heap-Based Buffer Overflow (CVE-2021-20043)

No content preview

Technical Advisory – Shop app sends pasteboard data to Shopify’s servers

No content preview

Technical Advisory – Sunhillo SureLine Unauthenticated OS Command Injection (CVE-2021-36380)

No content preview

Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Stored XSS

No content preview

Technical Advisory – SonicWall SMA 100 Series – Post-Authentication Remote Command Execution (CVE-2021-20044)

No content preview

Technical Advisory – VMware Tools Multiple Vulnerabilities

No content preview

Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)

No content preview

Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks

No content preview

Technical Advisory – ICTFAX 7-4 – Indirect Object Reference

No content preview

Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)

No content preview

Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack (CVE-2020-24613)

No content preview

Technical Advisory – Linksys WRT160NL – Authenticated Remote Buffer Overflow (CVE-2020-26561)

No content preview

Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310)

No content preview

Technical Advisory – Jitsi Meet Electron – Limited Certificate Validation Bypass (CVE-2020-27161)

No content preview

Technical Advisory – Jitsi Meet Electron – Arbitrary Client Remote Code Execution (CVE-2020-27162)

No content preview

Technical Advisory – SerComm h500s – Authenticated Remote Command Execution (CVE-2021-44080)

No content preview

Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224)

No content preview

Technical Advisory – NULL Pointer Derefence in McAfee Drive Encryption (CVE-2021-23893)

No content preview

Technical Advisory – Multiple Vulnerabilities in Juplink RX4-1800 WiFi Router (CVE-2022-37413, CVE-2022-37414)

No content preview

Technical Advisory: Gaining root access on Sumpple S610 IP Camera via Telnet; and Unprotected client and server data transmission between Android and IOS clients

No content preview

Technical Advisory – SonicWall SMA 100 Series – Unauthenticated File Upload Path Traversal (CVE-2021-20040)

No content preview

Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Arbitrary File Deletion

No content preview

Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities

No content preview

Technical Advisory: Adobe ColdFusion RMI Registry.bind() Deserialisation RCE

No content preview

Technical Advisory: Adobe ColdFusion Object Deserialisation RCE

No content preview

Technical Advisory: Administrative Passcode Recovery and Authenticated Remote Buffer Overflow Vulnerabilities in Gigaset DX600A Handset (CVE-2021-25309, CVE-2021-25306)

No content preview

Technical advisory: “ROHNP”- key extraction side channel in multiple crypto libraries

No content preview

Technical Advisory: Code Execution by Unsafe Resource Handling in Multiple Microsoft Products

No content preview

Technical Advisory: Citrix Workspace / Receiver Remote Code Execution Vulnerability

No content preview

Technical Advisory: Authentication rule bypass

No content preview

Technical Advisory: Authentication Bypass in libSSH

No content preview

Technical Advisory: Intel Driver Support & Assistance – Local Privilege Escalation

No content preview

Technical Advisory: Insufficient Proxyman HelperTool XPC Validation

No content preview

Technical Advisory: Heartbleed chained with a Pass-the-Hash attack leads to device compromise on TP-Link C200 IP Camera

No content preview

Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)

No content preview

Technical Advisory: Multiple Vulnerabilities in Lexmark Printers

No content preview

Technical Advisory: Multiple Vulnerabilities in HP Printers

No content preview

Technical Advisory: Multiple Vulnerabilities in Accellion File Transfer Appliance

No content preview

Technical Advisory: Mosquitto Broker DoS through a Memory Leak vulnerability

No content preview

Technical Advisory: Nexpose Hard‐coded Java Key Store Passphrase Allows Decryption of Stored Credentials

No content preview

Technical Advisory: Multiple Vulnerabilities in ManageEngine Desktop Central

No content preview

Technical Advisory: Multiple Vulnerabilities in MailEnable

No content preview

Technical Advisory: OS Command Injection in Silver Peak EdgeConnect Appliances (CVE-2020-12148, CVE-2020-12149)

No content preview

Technical Advisory: Reflected Cross-Site Scripting (XSS) vulnerability in Jenkins Delivery Pipeline plugin

No content preview

Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Gzip Extraction (CVE-2020-8260)

No content preview

Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)

No content preview

Technical Advisory: Pulse Connect Secure – Arbitrary File Read via Logon Message (CVE-2020-8255)

No content preview

Technical Advisory: SMB Hash Hijacking and User Tracking in MS Outlook

No content preview

Technical Advisory: Shell Injection in SourceTree

No content preview

Technical Advisory: Shell Injection in MacVim mvim URI Handler

No content preview

The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations

No content preview

Testing Infrastructure-as-Code Using Dynamic Tooling

No content preview

Testing HTTP/2 only web services

No content preview

Technical Advisory: Unauthenticated SQL Injection in Lansweeper

No content preview

Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call

No content preview

The Case of Missing File Extensions

No content preview

The Automotive Threat Modeling Template

No content preview

The ABCs of NFC chip security

No content preview

The Demise of Signature Based Antivirus

No content preview

The death of USB autorun and the rise of the USB keyboard

No content preview

The CIS Security Standard for Docker available now

No content preview

The Challenges of Fuzzing 5G Protocols

No content preview

The factoring dead: Preparing for the cryptopocalypse

No content preview

The Extended AWS Security Ramp-Up Guide

No content preview

The economics of defensive security

No content preview

The disadvantages of a blacklist-based approach to input validation

No content preview

The L4m3ne55 of Passw0rds: Notes from the field

No content preview

The Importance of a Cryptographic Review

No content preview

The Future of C Code Review

No content preview

The facts about BadUSB

No content preview

The Password is Dead, Long Live the Password!

No content preview

The Paillier Cryptosystem with Applications to Threshold ECDSA

No content preview

The Myth of Twelve More Bytes: Security on the Post-Scarcity Internet

No content preview

The role of security research in improving cyber security

No content preview

The Phishing Guide: Understanding & Preventing Phishing Attacks

No content preview

The Pharming Guide – Understanding and preventing DNS related attacks by phishers

No content preview

The Pentesters Guide to Akamai

No content preview

The Update Framework (TUF) Security Assessment

No content preview

The SSL Conservatory

No content preview

The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses

No content preview

The Sorry State of Aftermarket Head Unit Security

No content preview

Thin Clients: Slim Security

No content preview

They Ought to Know Better: Exploiting Security Gateways via their Web Interfaces

No content preview

There’s A Hole In Your SoC: Glitching The MediaTek BootROM

No content preview

Threat Profiling Microsoft SQL Server

No content preview

Threat Modelling Cloud Platform Services by Example: Google Cloud Storage

No content preview

Threat Intelligence: Benefits for the Enterprise

No content preview

Third party assurance

No content preview

TLSPretense — SSL/TLS Client Testing Framework

No content preview

Time Trial: Racing Towards Practical Remote Timing Attacks

No content preview

Threats and vulnerabilities within the Maritime and shipping sectors

No content preview

Threat Spotlight – Hydra

No content preview

Tool – Windows Executable Memory Page Delta Reporter

No content preview

Toner Deaf – Printing your next persistence (Hexacon 2022)

No content preview

To dock or not to dock, that is the question: Using laptop docking stations as hardware-based attack platforms

No content preview

Tis the Season to Be…

No content preview

Tool Release – HTTPSignatures: A Burp Suite Extension Implementing HTTP Signatures

No content preview

Tool Release – Ghostrings

No content preview

Tool Release – Collaborator++

No content preview

Tool Release – Carnivore: Microsoft External Assessment Tool

No content preview

Tool Release – Principal Mapper v1.1.0 Update

No content preview

Tool Release – Monkey365

No content preview

Tool Release – ICPin, an integrity-check and anti-debug detection pintool

No content preview

Tool Release – shouganaiyo-loader: A Tool to Force JVM Attaches

No content preview

Tool Release – ScoutSuite 5.8.0

No content preview

Tool Release – ScoutSuite 5.12.0

No content preview

Tool Release – Project Kubescout: Adding Kubernetes Support to Scout Suite

No content preview

Tool Release – JWT-Reauth

No content preview

Tool Release – Winstrument: An Instrumentation Framework for Windows Application Assessments

No content preview

Tool Release – Solitude: A privacy analysis tool

No content preview

Tool Release – Socks Over RDP

No content preview

Tool Release – ScoutSuite 5.9.0

No content preview

Tool Release – ScoutSuite 5.13.0

No content preview

Tool Release – ScoutSuite 5.11.0

No content preview

Tool Release – ScoutSuite 5.10

No content preview

Tool Release: Announcing the Release of RtspFuzzer

No content preview

Tool Release: A Simple DLL Injection Utility

No content preview

Tool Release – Web3 Decoder Burp Suite Extension

No content preview

Tool Release – Socks Over RDP Now Works With Citrix

No content preview

Tool Release: Cartographer

No content preview

Tool Release: Calculating SQL Permissions

No content preview

Tool Release: Blackbox iOS App Analysis with Introspy

No content preview

Tool Release: Blackbox Android App Analysis with Introspy

No content preview

Tool Release: Introducing opinel: Scout2’s favorite tool

No content preview

Tool Release: DIBF Tool Suite

No content preview

Tool Release: Code Query (cq)

No content preview

Tool Release: Code Credential Scanner (ccs)

No content preview

Tool Release: PeachFarmer

No content preview

Tool Release: iOS SSL Kill Switch v0.5 Released

No content preview

Tool Release: iOS Secure State Preservation

No content preview

Tool Release: Exploring SSL Pinning on iOS

No content preview

Tool Release: tcpprox

No content preview

Tool Release: SSLyze v 0.9 released – Heartbleed edition

No content preview

Tool Release: SSL pinning bypass and other Android tools

No content preview

Tool Release: Redirecting traffic with dnsRedir.py

No content preview

Tool: WStalker – an easy proxy to support Web API assessments

No content preview

Tool Release: You’ll Never (Ever) Take Me Alive!

No content preview

Tool Release: YoNTMA

No content preview

Tool Release: SSLyze v0.8 released

No content preview

TPM Genie

No content preview

Toxic Tokens: Using UUIDs for Authorization is Dangerous (even if they’re cryptographically random)

No content preview

Tor Browser Research Report Released

No content preview

Top of the Pops: Three common ransomware entry techniques

No content preview

Trusted Gateway

No content preview

Trust in the New Internet Survey

No content preview

Trust in the Internet Survey

No content preview

TPM Genie: Interposer Attacks Against the Trusted Platform Module Serial Bus

No content preview

U plug, we play

No content preview

typofinder

No content preview

tybocer

No content preview

Turla PNG Dropper is back

No content preview

Understanding and Hardening Linux Containers

No content preview

Unauthenticated XML eXternal Entity (XXE) vulnerability

No content preview

umap

No content preview

UK government cyber security guidelines for connected & autonomous vehicles

No content preview

Understanding Ransomware

No content preview

Understanding Microsoft Word OLE Exploit Primitives: Exploiting CVE-2015-1642 Microsoft Office CTaskSymbol Use-After-Free Vulnerability

No content preview

Understanding Microsoft Word OLE Exploit Primitives

No content preview

Understanding cyber risk management vs uncertainty with confidence in 2017

No content preview

Understanding the insider threat & how to mitigate it

No content preview

Understanding the Impact of Ransomware on Patient Outcomes – Do We Know Enough?

No content preview

Understanding Ransomware: Impact, Evolution and Defensive Strategies

No content preview

USB attacks need physical access right? Not any more…

No content preview

Unveiling the Dark Side: A Deep Dive into Active Ransomware Families

No content preview

Unmasking Lorenz Ransomware: A Dive into Recent Tactics, Techniques and Procedures

No content preview

Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902

No content preview

USB Undermining Security Barriers:further adventures with USB

No content preview

USB under the bonnet: Implications of USB security vulnerabilities in vehicle systems

No content preview

USB keyboards by post – use of embedded keystroke injectors to bypass autorun restrictions on modern desktop operating systems

No content preview

Updated: Technical Advisory and Proofs of Concept – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)

No content preview

Using graph databases to assess the security of thingernets based on the thingabilities and thingertivity of things

No content preview

Username enumeration techniques and their value

No content preview

Use of Deserialisation in .NET Framework Methods and Classes

No content preview

Use and enforce Multi-Factor Authentication

No content preview

Variations in Exploit methods between Linux and Windows

No content preview

Vaccine Misinformation Part 1: Misinformation Attacks as a Cyber Kill Chain

No content preview

Using SharePoint as a Phishing Platform

No content preview

Using Semgrep with Jupyter Notebook files

No content preview

Visualising Firewall Rulesets – Simplifying Firewall Administration and Spotting the Pivot Point

No content preview

Virtual Access Monitor Multiple SQL Injection Vulnerabilities

No content preview

Violating the Virtual Channel – RDP Testing

No content preview

Violating Database – Enforced Security Mechanisms

No content preview

Vulnerabilities Found In Geofencing Apps

No content preview

VoIP Security Methodology and Results

No content preview

vlan-hopping

No content preview

Weaknesses and Best Practices of Public Key Kerberos with Smart Cards

No content preview

Weak Randomness Part I – Linear Congruential Random Number Generators

No content preview

WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

No content preview

Vulnerability Overview: Ghost (CVE-2015-0235)

No content preview

Webinar: SMACK, SKIP-TLS & FREAK SSL/TLS vulnerabilities

No content preview

Webinar: 4 Secrets to a Robust Incident Response Plan

No content preview

Webinar – PCI Version 3.0: Are you ready?

No content preview

Welcome to the new NCC Group Global Research blog

No content preview

WebSense content filter bypass when deployed in conjunction with Cisco filtering devices

No content preview

WebRATS

No content preview

WebLogic Plugin HTTP Injection via Encoded URLs

No content preview

Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling (1)

No content preview

Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling

No content preview

Whatsupgold Premium Directory traversal

No content preview

What the HEC? Security implications of HDMI Ethernet Channel and other related protocols

No content preview

White Paper: An Introduction to Authenticated Encryption

No content preview

Which database is more secure? Oracle vs. Microsoft

No content preview

When Security Gets in the Way: PenTesting Mobile Apps That Use Certificate Pinning

No content preview

When a Trusted Site in Internet Explorer was Anything But

No content preview

whitebox

No content preview

White Paper: Login Service Security

No content preview

White Paper: Cryptopocalypse Reference Paper

No content preview

White Paper: Browser Extension Password Managers

No content preview

Whitepaper – Exploring the Security of KaiOS Mobile Applications

No content preview

Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities

No content preview

Whitepaper – A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator

No content preview

Whitepaper – Double Fetch Vulnerabilities in C and C++

No content preview

Whitepaper – Practical Attacks on Machine Learning Systems

No content preview

Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses

No content preview

Whitepaper – HTTP Digest Integrity: Another look, in light of recent attacks

No content preview

Whitepaper – Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm’s TrustZone

No content preview

Whitepaper: CA Alternative

No content preview

Whitepaper – XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques

No content preview

Whitepaper – Weaning the Web off of Session Cookies: Making Digest Authentication Viable

No content preview

Whitepaper – Project Triforce: Run AFL On Everything (2017)

No content preview

Windows 10 USB Mass Storage driver arbitrary code execution in kernel mode

No content preview

Why IoT Security Matters

No content preview

Whitepaper: Recognizing and Preventing TOCTOU

No content preview

Whitepaper: Perfect Forward Security

No content preview

Windows DACLs & Why There Is Still Room for Interest

No content preview

Windows DACL Enum Project

No content preview

Windows 2000 Format String Vulnerabilities

No content preview

Windows Phone 7 Application Security Survey

No content preview

Windows IPC Fuzzing Tools

No content preview

Windows Firewall Hook Enumeration

No content preview

Working with the Open Technology Fund

No content preview

Windows USB RNDIS driver kernel pool overflow

No content preview

Windows remote desktop memory corruptoin leading to RCE on XPSP3

No content preview

Windows Remote Desktop Memory Corruption Leading to RCE on XPSP3

No content preview

WSBang

No content preview

Writing Exploits for Win32 Systems from Scratch

No content preview

Work daily with enforced MFA-protected API access

No content preview

WindowsJobLock

No content preview

Writing Secure ASP Scripts

No content preview

Writing Robust Yara Detection Rules for Heartbleed

No content preview

Writing FreeBSD Kernel Modules in Rust

No content preview

Wubes: Leveraging the Windows 10 Sandbox for Arbitrary Processes

No content preview

WSSiP: A Websocket Manipulation Proxy

No content preview

WSMap

No content preview

Writing Small Shellcode

No content preview

Xendbg: A Full-Featured Debugger for the Xen Hypervisor

No content preview

Xen SMEP (and SMAP) Bypass

No content preview

Xen HYPERVISOR_xen_version stack memory revelation

No content preview

xcavator

No content preview

ZigTools: An Open Source 802.15.4 Framework

No content preview

Zcash Overwinter Consensus and Sapling Cryptography Review

No content preview

Zcash Cryptography and Code Review

No content preview

YoNTMA

No content preview

Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit

No content preview

Public Report - Security Risks of AI Hardware for Personal and Edge Computing Devices

No content preview

Zulu

No content preview

Nagios XI Network Monitor – Stored and Reflective XSS

No content preview

Making New Connections – Leveraging Cisco AnyConnect Client to Drop and Run Payloads

No content preview

Analysis of setting cookies for third party websites in different browsers

No content preview

A Census of Deployed Pulse Connect Secure (PCS) Versions

No content preview

Technical Advisory: SQL Injection and Reflected Cross-Site Scripting (XSS) Vulnerabilities in Oracle Communications Diameter Signaling Router (CVE-2020-14787, CVE-2020-14788)

No content preview

Technical advisory: Remote shell commands execution in ttyd

No content preview

Remote Exploitation of Microsoft Office DLL Hijacking (MS15-132) via Browsers

No content preview

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 5: Development of Prototype #1 – Text Processing and Semantic Relationships

No content preview

Matty McMattface: Security implications, mitigations & testing strategies for biometric facial recognition systems

No content preview

Technical advisory: CVE-2017-8592 – XMLHttpRequest in IE followed 307 redirections with additional or customised headers

No content preview

Technical Advisory: Ruby on Rails – Possible XSS Vulnerability in ActionView tag helpers (CVE-2022-27777)

No content preview

Technical Advisory: Stored and Reflected XSS Vulnerability in Nagios Log Server (CVE-2021-35478,CVE-2021-35479)

No content preview

Immortalising 20 Years of Epic Research

No content preview

Forensic Readiness in Container Environments

No content preview

Technical Advisory: Xiaomi 13 Pro Code Execution via GetApps DOM Cross-Site Scripting (XSS)

No content preview

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 7: Development of Prototype #3 – Adventures in Anomaly Detection

No content preview

Technical Advisory: PDFTron JavaScript URLs Allowed in WebViewer UI (CVE-2021-39307)

No content preview

Treat your points as cash

No content preview

Hackproofing Lotus Domino Web Server

No content preview

Public Report: WhatsApp Contacts Security Assessment

No content preview

Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation

No content preview

Public Report: eBPF Verifier Code Review

No content preview

Nameless and shameless: Ransomware Encryption via BitLocker

No content preview

Defending Your Directory: An Expert Guide to Securing Active Directory Against DCSync Attacks

No content preview

Public Report: XMTP MLS Implementation Review

No content preview

Phish Supper: An Incident Responder’s Bread and Butter

No content preview

On Almost Signing Android Builds

No content preview

Defending Your Directory: An Expert Guide to Mitigating Pass-the-Hash Attacks in Active Directory

No content preview

Defending Your Directory: An Expert Guide to Fortifying Active Directory Against LDAP Injection Threats

No content preview

A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion

No content preview

A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented

No content preview

A Brief Review of Bitcoin Locking Scripts and Ordinals

No content preview

PMKID Attacks: Debunking the 802.11r Myth

No content preview

Adventures in the land of BumbleBee – a new malicious loader

No content preview

ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again

No content preview

A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM

No content preview

A Look At Some Real-World Obfuscation Techniques

No content preview

Announcing the Cryptopals Guided Tour Video 17: Padding Oracles!

No content preview

Android Malware Vultur Expands Its Wingspan

No content preview

Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)

No content preview

Adventures in Windows Driver Development: Part 1

No content preview

Back in Black: Unlocking a LockBit 3.0 Ransomware Attack

No content preview

AWS Inventory: A tool for mapping AWS resources

No content preview

Avoiding Pitfalls Developing with Electron

No content preview

Autochrome

No content preview

Bypassing software update package encryption – extracting the Lexmark MC3224i printer firmware (part 1)

No content preview

BrokenPrint: A Netgear stack overflow

No content preview

Blue Coat BCAAA Remote Code Execution Vulnerability

No content preview

CVE-2018-8611 Exploiting Windows KTM Part 2/5 – Patch analysis and basic triggering

No content preview

CVE-2018-8611 Exploiting Windows KTM Part 1/5 – Introduction

No content preview

Cryptopals: Exploiting CBC Padding Oracles

No content preview

Constant-Time Data Processing At a Secret Offset, Privacy and QUIC

No content preview

CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 2

No content preview

CVE-2018-8611 Exploiting Windows KTM Part 5/5 – Vulnerability detection and a better read/write primitive

No content preview

CVE-2018-8611 Exploiting Windows KTM Part 4/5 – From race win to kernel read and write primitive

No content preview

CVE-2018-8611 Exploiting Windows KTM Part 3/5 – Triggering the race condition and debugging tricks

No content preview

Detecting and Hunting for the Malicious NetFilter Driver

No content preview

Decoder Improved Burp Suite plugin release part two

No content preview

Dangers of Kubernetes IAM Integrations

No content preview

CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 1

No content preview

Disabling Office Macros to Reduce Malware Infections

No content preview

Detecting Mimikatz with Busylight

No content preview

Detecting and Protecting when Remote Desktop Protocol (RDP) is open to the Internet

No content preview

Detecting and Hunting for the PetitPotam NTLM Relay Attack

No content preview

Exploiting MS15-061 Use-After-Free Windows Kernel Vulnerability

No content preview

eBPF Adventures: Fiddling with the Linux Kernel and Unix Domain Sockets

No content preview

earlyremoval, in the Conservatory, with the Wrench: Exploring Ghidra’s decompiler internals to make automatic P-Code analysis scripts

No content preview

Discovering Smart Contract Vulnerabilities with GOATCasino

No content preview

How I did not get a shell

No content preview

HITBAMS – Your Not so “Home” Office – Soho Hacking at Pwn2Own

No content preview

Hardware Security By Design: ESP32 Guidance

No content preview

Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0

No content preview

McAfee Email and Web Security Appliance v5.6 – Arbitrary file download is possible with a crafted URL, when logged in as any user

No content preview

Log4Shell: Reconnaissance and post exploitation network detection

No content preview

Improving Software Security through C Language Standards

No content preview

How Microsoft Office knows a document came from the Internet and might be dangerous

No content preview

Much Ado About Hardware Implants

No content preview

Modelling Threat Actor Phishing Behaviour

No content preview

Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark

No content preview

Metastealer – filling the Racoon void

No content preview

Past, Present and Future of Effective C

No content preview

OffensiveCon 2023 – Exploit Engineering – Attacking the Linux Kernel

No content preview

North Korea’s Lazarus: their initial access trade-craft using social media and social engineering

No content preview

NETGEAR Routers: A Playground for Hackers?

No content preview

Real World Cryptography Conference 2024

No content preview

Real World Cryptography Conference 2023 – Part II

No content preview

Puckungfu 2: Another NETGEAR WAN Command Injection

No content preview

Popping Blisters for research: An overview of past payloads and exploring recent developments

No content preview

SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)

No content preview

Security Code Review With ChatGPT

No content preview

Reverse, Reveal, Recover: Windows Defender Quarantine Forensics

No content preview

Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)

No content preview

Sifting through the spines: identifying (potential) Cactus ransomware victims

No content preview

Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100

No content preview

Shining the Light on Black Basta

No content preview

Shaking The Foundation of An Online Collaboration Tool: Microsoft 365 Top 5 Attacks vs the CIS Microsoft 365 Foundation Benchmark

No content preview

Stepping Insyde System Management Mode

No content preview

State of DNS Rebinding in 2023

No content preview

SnapMC skips ransomware, steals data

No content preview

Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)

No content preview

Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE-2023-24052)

No content preview

Technical Advisory – Multiple HTML Injection Vulnerabilities in KaiOS Pre-installed Mobile Applications

No content preview

Stepping Stones – A Red Team Activity Hub

No content preview

Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches

No content preview

Technical Advisory – Multiple Vulnerabilities in Nagios XI

No content preview

Technical Advisory – Multiple Vulnerabilities in Faronics Insight (CVE-2023-28344, CVE-2023-28345, CVE-2023-28346, CVE-2023-28347, CVE-2023-28348, CVE-2023-28349, CVE-2023-28350, CVE-2023-28351, CVE-2023-28352, CVE-2023-28353)

No content preview

Technical Advisory – OpenJDK – Weak Parsing Logic in java.net.InetAddress and Related Classes

No content preview

Technical Advisory: Multiple Vulnerabilities in Ricoh Printers

No content preview

Technical Advisory – Multiple Vulnerabilities in Victure WR1200 WiFi Router (CVE-2021-43282, CVE-2021-43283, CVE-2021-43284)

No content preview

Technical Advisory – Multiple Vulnerabilities in Trendnet TEW-831DR WiFi Router (CVE-2022-30325, CVE-2022-30326, CVE-2022-30327, CVE-2022-30328, CVE-2022-30329)

No content preview

Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise

No content preview

Technical Advisory: containerd – containerd-shim API Exposed to Host Network Containers (CVE-2020-15257)

No content preview

Technical Advisory: Command Injection

No content preview

Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets

No content preview

Technical Advisory: Multiple Vulnerabilities in Xerox Printers

No content preview

Technical Advisory: Multiple Vulnerabilities in Kyocera Printers

No content preview

Technical Advisory: Multiple Vulnerabilities in Brother Printers

No content preview

Technical Advisory: CyberArk EPM Non-paged Pool Buffer Overflow

No content preview

There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities

No content preview

The Next C Language Standard (C23)

No content preview

Testing Two-Factor Authentication

No content preview

Tool Release – Reliably-checked String Library Binding

No content preview

Tool Release – insject: A Linux Namespace Injector

No content preview

Tool Release – Enumerating Docker Registries with go-pillage-registries

No content preview

Threat Actors: exploiting the pandemic

No content preview

Tracking a P2P network related to TA505

No content preview

Tool Update – ruby-trace: A Low-Level Tracer for Ruby

No content preview

Tool Release: Sinking U-Boots with Depthcharge

No content preview

Tool Release: Magisk Module – Conscrypt Trust User Certs

No content preview

BlackHat USA 2024 - Listen-Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap

No content preview

Vehicle Emissions and Cyber Security

No content preview

Using AWS and Azure for Cost Effective Log Ingestion with Data Processing Pipelines for SIEMs

No content preview

Whitepaper – A Tour of Curve 25519 in Erlang

No content preview

Research Blog Test Playground

No content preview

RomHack – Revving Up: The Journey to Pwn2Own Automotive 2024

No content preview

The Dark Side: How Threat Actors Leverage AnyDesk for Malicious Activities

No content preview

Technical Advisory: Cross-Site Scripting in Umbraco Rich Text Display

No content preview

Machine Learning 102: Attacking Facial Authentication with Poisoned Data

No content preview

Machine Learning 101: The Integrity of Image (Mis)Classification?

No content preview

Proxying PyRIT for fun and profit

No content preview

NCC Group’s Exploit Development Capability: Why and What

No content preview

The why behind web application penetration test prerequisites

No content preview

Social Engineering Penetration Testing

No content preview

NCC Group’s 2024 Annual Research Report

No content preview

A Primer On Slowable Encoders

No content preview

Security Tips For Your AI Cloud Infrastructure

No content preview

Technical Advisory – Hash Denial-of-Service Attack in Multiple QUIC Implementations

No content preview

How organisations can properly configure SSL services to ensure the integrity and confidentiality of data in transit

No content preview

Auditing Enterprise Class Applications and Secure Containers on Android

No content preview

An Introduction to Authenticated Encryption

No content preview

Absolute Security

No content preview

Building Systems from Commercial Components

No content preview

Blind Exploitation of Stack Overflow Vulnerabilities

No content preview

BLEBoy

No content preview

Aurora Response Recommendations

No content preview

Deception Engineering: exploring the use of Windows Service Canaries against ransomware

No content preview

CERT Oracle Secure Coding Standard for Java

No content preview

CERT C Secure Coding Standard

No content preview

Car Parking Apps Vulnerable To Hacks

No content preview

HTML5 Security The Modern Web Browser Perspective

No content preview

Exposing Vulnerabilities in Media Software

No content preview

Developing Secure Mobile Applications for Android

No content preview

Defeating Windows DEP With A Custom ROP Chain

No content preview

Jenkins Plugins and Core Technical Summary Advisory

No content preview

Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs

No content preview

iSEC’s Analysis of Microsoft’s SDL and its ROI

No content preview

iOS Application Security: The Definitive Guide for Hackers and Developers

No content preview

MeshyJSON: A TP-Link tdpServer JSON Stack Overflow

No content preview

Mallory: Transparent TCP and UDP Proxy

No content preview

Mallory and Me: Setting up a Mobile Mallory Gateway

No content preview

NCLoader

No content preview

NCC Group WhitepaperUnderstanding and HardeningLinux ContainersJune 29, 2016 – Version 1.1

No content preview

NCC Group Connected Health Whitepaper July 2019

No content preview

Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices

No content preview

Secure Coding in C and C++, 2nd Edition

No content preview

Professional C Programming LiveLessons, (Video Training) Part I: Writing Robust, Secure, Reliable Code

No content preview

Practical Considerations of Right-to-Repair Legislation

No content preview

Nine years of bugs at NCC Group

No content preview

Security Compliance as an Engineering Discipline

No content preview

Secure Coding Rules for Java LiveLessons, Part 1

No content preview

Secure Coding in C and C++

No content preview

SQL Server Security

No content preview

Software Verification and Analysis Using Z3

No content preview

SMB hash hijacking & user tracking in MS Outlook

No content preview

Self-Driving Cars- The future is now…

No content preview

Technical Advisory: Code Execution by Viewing Resource Files in .NET Reflector

No content preview

Technical Advisory: Bypassing Workflows Protection Mechanisms – Remote Code Execution on SharePoint

No content preview

Technical Advisory: Bypassing Microsoft XOML Workflows Protection Mechanisms using Deserialisation of Untrusted Data

No content preview

Tattler

No content preview

Technical Advisory: Unauthenticated Remote Command Execution through Multiple Vulnerabilities in Virgin Media Hub 3.0

No content preview

Technical Advisory: Multiple Vulnerabilities in SmarterMail

No content preview

Technical Advisory: Mitel MiVoice 5330e Memory Corruption Flaw

No content preview

Technical Advisory: IP Office Stored Cross Site Scripting (XSS) Vulnerability

No content preview

The Database Hacker’s Handbook

No content preview

The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems

No content preview

The Browser Hacker’s Handbook

No content preview

Comparing AI Against Traditional Static Analysis Tools to Highlight Buffer Overflows

No content preview

44CON - Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own Automotive 2024

No content preview

The Shellcoder’s Handbook: Discovering and Exploiting Security Holes, 2nd Edition

No content preview

The Mobile Application Hacker’s Handbook

No content preview

Analyzing Secure AI Design Principles

No content preview

Defending Your Directory: An Expert Guide to Combating Kerberoasting in Active Directory

No content preview

Announcing the Cryptopals Guided Tour Video 18: Implement CTR

No content preview

Auditing K3s Clusters

No content preview

A Rendezvous with System Management Interrupts

No content preview

Weak Passwords Led to (SafePay) Ransomware…Yet Again

No content preview

Analyzing Secure AI Architectures

No content preview

Technical Advisory: Espressif Systems - ESP32 BluFi Reference Application Vulnerabilities

No content preview

Technical Advisory: Multiple Vulnerabilities in TCPDF

No content preview

Insomnihack - Pioneering Zero Days at Pwn2Own Automotive 2024

No content preview

In-Depth Technical Analysis of the Bybit Hack

No content preview

Handy guide to a new Fivehands ransomware variant

No content preview

Pumping Iron on the Musl Heap – Real World CVE-2022-24834 Exploitation on an Alpine mallocng Heap

No content preview

Analyzing AI Application Threat Models

No content preview

An Engineer’s View: Operational Technology

No content preview

Pentesting V. Red Teaming V. Bug Bounty

No content preview

Technical Advisory – Lansweeper Privilege Escalation via CSRF Using HTTP Method Interchange (CVE-2020-13658)

No content preview

Lights, Camera, HACKED! An insight into the world of popular IP Cameras

No content preview

Rustproofing Linux (Part 2/4 Race Conditions)

No content preview

Rustproofing Linux (Part 1/4 Leaking Addresses)

No content preview

VeChain JavaScript SDK Cryptography and Security Review

No content preview

The Development of a Telco Attack Testing Tool

No content preview

Cross-Execute Your Linux Binaries, Don’t Cross-Compile Them

No content preview

Rustproofing Linux (Part 4/4 Shared Memory)

No content preview

Rustproofing Linux (Part 3/4 Integer Overflows)

No content preview

Why AI Will Not Fully Replace Humans for Web Penetration Testing

No content preview

Online Casino Roulette – A guideline for penetration testers and security researchers

No content preview

EAP-TLS: The most secure option?

No content preview

GSM/GPRS Traffic Interception for Penetration Testing Engagements

No content preview

IG Learner Walkthrough

No content preview ( 14 min )

Open

Enable hidden Windows features with the free ViVeTool

ViVeTool is an open-source tool for Windows 10 and Windows 11 that allows you to enable or disable hidden or experimental Windows features. Microsoft often tests new features in Insider builds that are not immediately visible to all users. This program lets you manually control these hidden features without waiting for official updates. Source
Open

Quantum Data Centre of the Future

No content preview ( 10 min )

Open

Migrate Certification Authority to Windows Server 2025

In an earlier article, I discussed migrating an Active Directory domain controller to Windows Server 2025. This article explains how to migrate Active Directory Certificate Services (AD CS) by transferring the Certification Authority role to Windows Server 2025. Source
Open

How we turned a real car into a Mario Kart controller by intercepting CAN data

TL;DR Introduction If you went to our PTP Cyber Fest over the Infosec week you may have seen the PTP hack car being used as a games controller for the game SuperTuxKart (a free and open-source Mario Kart type game). You really could steer, accelerate and brake using the car, ‘driving’ the on screen kart! […] The post How we turned a real car into a Mario Kart controller by intercepting CAN data appeared first on Pen Test Partners. ( 10 min )

Open

Warp 2.0: AI terminal evolves into Agentic Development Environment (AGE)

The brand-new Warp 2.0 no longer wants to be just an AI-powered terminal. The Warp team appears to be taking inspiration from Anthropic’s Claude Code and OpenAI’s Codex CLI. Both AI-driven coding tools target devs who prefer to code in a terminal instead of working in an Integrated Development Environment (IDE). Zach Lloyd, Warp's CEO, is eager to join the AI agent race, believing that features like the Agent Management Panel, diffs, and a built-in editor can transform a CLI tool into a vibe coding platform or what he calls an Agentic Development Environment (AGE). Source
Open

Sipping from the CVE Firehose: How We Prioritize Emerging Threats for Real-World Impact

With tens of thousands of CVEs flooding in each year, how do you spot the ones that actually matter? At Bishop Fox, we’ve built a smarter way to cut through the noise and act fast on real-world threats. Here’s how we prioritize CVEs that truly impact our customers. ( 8 min )

Open

Security Advisory: Anthropic's Slack MCP Server Vulnerable to Data Exfiltration

This is a security advisory for a data leakage and exfiltration vulnerability in a popular, but now deprecated and unmaintained, Slack MCP Server from Anthropic. If you are using this MCP server, or run an “MCP Store” that hosts it, it is advised that you analyze how this threat applies to your use case and apply a patch as needed. Anthropic’s Slack MCP Server When Anthropic introduced MCP they published reference server implementations on Github. ( 5 min )
Open

Remote MCP: Streamable Data Input/Output (SDIO), Server-Sent Events (SSE), Streamable HTTP

Recently, leading AI companies announced support for remote MCP, allowing an MCP client to connect to a remote MCP server via Streamable HTTP, which still supports Server-Sent Events (SSE). The Streamable Data Input/Output (SDIO) protocol remains essential for local integrations and remote services, which are accessible only through conventional APIs. In my opinion, the excitement surrounding new model releases has lost its significance. AI model developers seem to primarily focus on optimizing their models for AI benchmarks. However, the genuine innovations occur in the technologies surrounding AI models—most notably in AI agents and the supporting infrastructure in which remote MCP servers will play an important role. Source
Open

Maturing your smart contracts beyond private key risk

Private key compromise accounted for 43.8% of crypto hacks in 2024, yet traditional smart contract audits rarely address architectural access control weaknesses. This post introduces a four-level maturity framework for designing protocols that can tolerate key compromise, progressing from single EOA control to radical immutability, with practical examples demonstrating multisigs, timelocks, and the principle of least privilege. ( 9 min )
Open

Chainspotting 2: The Unofficial Sequel to the 2018 Talk "Chainspotting" - OffensiveCon 2025

No content preview ( 6 min )

OCP S.A.F.E. How-to

No content preview ( 9 min )

Open

Install Apple Container CLI: Running containers natively on macOS 15 (Sequoia) and macOS 26 (Tahoe)

In my previous article, I introduced Apple's new Containerization solution for macOS and compared it with Docker Desktop. In today's post, I'll explain how to install Apple’s new Container CLI—a Swift‑based, open‑source tool—for running OCI‑compliant Linux containers on your Mac. Native container support will launch in macOS 26 (Tahoe), but you can install and utilize the Container CLI on macOS 15 with certain limitations. In the step‑by‑step guide, I will explain how to install, configure, and start running containers with Apple’s fresh alternative to Docker Desktop. Source
Open

2025 Red Team Tools – Cloud & Identity Exploitation, Evasion & Developer Libraries

Explore the next wave of Red Team tools focused on cloud, identity, evasion, and developer libraries—where stealth, creativity, and adaptability matter more than flashy features. Learn how Bishop Fox operators turn techniques into strategic advantage. ( 8 min )
Open

Unexpected security footguns in Go's parsers

File parsers in Go contain unexpected behaviors that can lead to serious security vulnerabilities. This post examines how JSON, XML, and YAML parsers in Go handle edge cases in ways that have repeatedly resulted in high-impact security issues in production systems. We explore three real-world attack scenarios: marshaling/unmarshaling unexpected data, exploiting parser differentials, and leveraging data format confusion. Through examples, we demonstrate how attackers can bypass authentication, circumvent authorization controls, and exfiltrate sensitive data by exploiting these parser behaviors. ( 13 min )
Open

Samsung Galaxy S24 Pwn2Own Ireland 2024

No content preview ( 5 min )

Open

Apple Container vs. Docker Desktop

At WWDC 2025, Apple announced the Containerization Framework and Container CLI, a solution for creating and running Linux containers as lightweight virtual machines on Mac. This article is geared toward developers, sysadmins, and DevOps engineers who want to understand how Apple Container works under the hood and how it compares to Docker Desktop. Source
Open

Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform

Welcome to June! We’re back—this time, we're exploring Sitecore’s Experience Platform (XP), demonstrating a pre-auth RCE chain that we reported to Sitecore in February 2025. We’ve spent a bit of time recently looking at CMS’s given the basic ( 22 min )
Open

Android AI UX is great until it leaks your data

TL;DR Introduction I’m quite a curmudgeon about whether we should report some of the traditional security findings because of a lack of actual risk, something I have written about and even given a talk about. Inside our tech team, I raise up what I call “vulnerabilities that aren’t” where there is little risk in most […] The post Android AI UX is great until it leaks your data appeared first on Pen Test Partners. ( 8 min )
Open

Cracking Mifare Classic 1K: RFID, Charlie Cards, and Free Subway Rides

No content preview ( 16 min )
Open

Visual Summary of SANS ICS Security Summit 2025

SANS Cybersecurity Blog pertaining to a summary of the SANS ICS Security Summit 2025 ( 10 min )

Open

VMwareResolutionSet.exe VMwareResolutionSet.dll lolbin

If you still use VMWare, your Windows guest system will benefit from an installation of VMWare Tools. The VMWare Tools package is usually installed into this directory: c:\Program Files\VMware\VMware Tools It turns out that running the executable: c:\Program Files\VMware\VMware Tools\VMwareResolutionSet.exe … Continue reading → ( 2 min )
Open

Expanding on ChunkyIngress - Clippy Goes Rogue (GoClipC2)

GoClipC2: A covert Windows clipboard-based C2 channel for VDI/RDP environments. Bypasses network monitoring with encrypted Base64 messaging. ( 10 min )
Open

New Tool: myipaddress.py

This is a new tool that I use for IPv4 operations, like generating a list of CIDRs based on ASNs, checking if IPv4 addresses are members of CIDRs, … Here is the man page: myipaddress_V0_0_1.zip (http)MD5: 839550C3E5C6A07C088D27EFD51BE2F7SHA256: F4DCF325E578F797B3D15316E797EB359E1DA13255E9644841593A1C1C5A9F54 ( 13 min )

Open

Add End task button to the taskbar in Windows 11

Windows 11 (version 22H2 and later) lets you add an End task button to the taskbar's right-click context menu. In this article, you will learn how to enable the feature and how to utilize it within the Task Manager. Source
Open

Two months of Burp AI: empowering security testers with the future of AppSec

It’s been a whirlwind two months since AI-powered features landed in Burp Suite Professional. Thousands of security testers across the world have been using Burp AI to find vulnerabilities and secure ( 5 min )
Open

PTP Cyber Fest 2025. More than just another conference

TL;DR: When we planned the first PTP Cyber Fest last year, we set out to create something different from the usual cybersecurity events. After two busy days last week, we can proudly say the event delivered exactly what we hoped for and more. Paying it forward Cyber Fest has always been about creating space for […] The post PTP Cyber Fest 2025. More than just another conference appeared first on Pen Test Partners. ( 6 min )
Open

Update: myjson-filter.py Version 0.0.9

I added value stdout for option -W. -W stdout: will write all items to stdout (binary) without any end-of-line.To include an end-of-line, specify a Python string, like this:-W stdout:’\n’ this will add a newline to the end of the item-W stdout:’\r’ this will add a carriage return to the end of the item-W stdout:’\r\n’ this […] ( 11 min )

Open

Docker Desktop MCP catalog: Connect installed MCP servers to GitHub Copilot in VS Code, and Claude Desktop

The MCP catalog in Docker Desktop has been available for a couple of weeks now. However, MCP support only works properly in the just-released Docker Desktop 4.42. The Docker Desktop MCP server catalog significantly simplifies installing MCP servers for any MCP client. I tested it with Gordon (Docker Desktop chatbot), Anthropic Claude Desktop, and VS Code GitHub Copilot on macOS, but the process should be identical on Windows. Source
Open

Introducing: GitHub Device Code Phishing

What if all it took to compromise a GitHub organization–and thus, the organization’s supply chain–was an eight-digit code and a phone call? Introducing: GitHub Device Code Phishing. While security teams have been battling Azure Active Directory device code phishing attacks for years, threat actors have overlooked GitHub’s OAuth2 device flow as an attack vector. At […] The post Introducing: GitHub Device Code Phishing appeared first on Praetorian. ( 27 min )
Open

Update: search-for-compression.py 0.0.5

I added option -u (–unique) to remove duplicates to search-for-compressions.py. ( 11 min )
Open

CVE-2025-26685 – Spoofing to Elevate Privileges with Microsoft Defender for Identity

Discover how NetSPI uncovered and reported a vulnerability in Microsoft Defender for Identity that allowed unauthenticated attackers to perform spoofing and elevate privileges. The post CVE-2025-26685 – Spoofing to Elevate Privileges with Microsoft Defender for Identity appeared first on NetSPI. ( 18 min )

Open

Assign recommended Windows security settings with the free Harden Windows Security app

Windows offers a wide array of security-related features and configuration options, but many are either disabled by default or not configured correctly. While Microsoft’s Security Baselines provide valuable guidance, the free Harden Windows Security tool offers a significantly faster and more comprehensive way to implement robust security settings. Source
Open

Update: pecheck.py Version 0.7.18

This is a bugfix version. pecheck-v0_7_18.zip (http)MD5: 813F309837091B2035A18272AE5F053FSHA256: 2976562A8B12F0CDD3E9DBF56929B391CA73AF91906EABC18E9CD663A17155AD ( 11 min )

Open

Warp Launch Log 3: MCP support, refine prompt, image upload, reusable prompts, git support

Warp, the top terminal app with AI support, has introduced new features in its GA release, including MCP support and Refine for AI responses. The Preview release now allows image uploads and the saving of reusable AI prompts. I also found a few new features that weren’t mentioned in the Launch Log 3 post. Source
Open

Update: Dumping Entra Connect Sync Credentials

No content preview
Open

Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets

This report uncovers a set of related threat clusters linked to PurpleHaze and ShadowPad operators targeting organizations, including cybersecurity vendors. ( 36 min )
Open

Hosting COM Servers with an MCP Server

When the Model Context Protocol (MCP) came out it reminded me of the Common Object Model (COM) from Microsoft. COM has been around for decades and it’s used for programming, scripting, sharing of functionality at a binary/object level across languages and hosts. Via DCOM all of this can even be done remotely, and well, it’s also useful for red teaming. A lot of software on Windows was/is implemented as COM objects, including Microsoft Office. ( 3 min )
Open

Public Report - VeChainThor Galactica Security Assessment

No content preview ( 6 min )
Open

Update: pngdump.py Version 0.0.7

This update to pngdump.py adds an index for chunks, and allows for the selection of a chunk via its index. ( 11 min )

Open

Where You Inject Matters: The Role-Specific Impact of Prompt Injection Attacks on OpenAI models

No content preview ( 7 min )
Open

Quickpost: USB-C Couplers

I have this USB C coupler to connect 2 USB C cables. The coupler has 2 female connectors: I use it to extend my cables when charging: But it doesn’t always work. Sometimes it does, sometimes it doesn’t (e.g., the device is not charging). So I assumed this coupler was defective, and got another one: […] ( 12 min )

Open

Python Requirements for Didier Stevens Suite

Although many of my tools have zero or a just a few dependencies (it’s a design decision), I’ve had requests to create a requirements file. It is available now in Didier Stevens Suite ZIP file and on GitHub. Some dependencies are only necessary when you actually use the corresponding feature. For example, many of my […] ( 12 min )

Open

How to activate the built-in Administrator account in Windows 11

Activating the built-in Administrator account in Windows 11 can be essential for IT administrators in specific scenarios. This comprehensive guide explores the differences between the built-in Administrator and user-created administrator accounts, outlines secure methods to enable the account, and discusses best practices to mitigate potential security risks. Whether managing system recovery, configuring deployments, or troubleshooting complex issues, understanding how to activate and manage the Windows 11 Administrator account safely is crucial for maintaining a secure and efficient IT environment. Source

Open

The Cost Savings of Fixing Security Flaws in Development

No content preview ( 7 min )

Open

A New Approach to Proving Cybersecurity Value (That Isn’t ROI)

In this blog, we are excited to announce our white paper on Return on Mitigation (RoM), a framework we designed to quantify the financial impact of security programs in a way that speaks to business leaders. ( 6 min )

Celebrating 10 Years of Partnership: Snap and HackerOne Reach $1M in Bounties

At Snap, security is more than a priority—it’s a core mission. Over the past decade, Snap has partnered with HackerOne to build and sustain a robust bug bounty program. This collaboration has led to major milestones, including paying security researchers over $1M in bounties. To celebrate this achievement and their 10-year partnership, we spoke with Jim Higgins, Snap's Chief Information Security Officer, Vinay Prabhushankar, Snap’s Security Engineering Manager, and Ilana Arbisser, Snap’s Privacy Engineer.

Open

Women@ Kicks Off the Year with a Vision Board Event

No content preview ( 4 min )

Open

Gain Actionable, Data-backed Insights with HackerOne Recommendations

What if your security program could self-optimize: analyze trends, identify weak points, and proactively propose actionable steps to strengthen defenses? With HackerOne Recommendations, it can. ( 5 min )

Open

Welcome, Hackbots: How AI Is Shaping the Future of Vulnerability Discovery

What are Hackbots and how are they impacting vulnerability discovery and the researcher community? ( 6 min )

Open

DORA Compliance Is Here: What Financial Entities Should Know

The new DORA regulation: everything your organization needs to know about its impact and how to comply. ( 5 min )

Open

Protecting Critical Infrastructure: A Tale of Two National Cybersecurity Strategies

The term “special relationship,” coined by Winston Churchill, describes the close, longstanding alliance between the United States and the United Kingdom. It has been applied to cooperation during war, to trade and commerce, and even to intelligence sharing. That special relationship has clearly influenced the two nations’ recent policy papers on national cybersecurity. The U.K. […] The post Protecting Critical Infrastructure: A Tale of Two National Cybersecurity Strategies appeared first on Synack. ( 7 min )

Open

Scoping Adventures: How to Get the Most Out of Your Synack Pentesting

Scoping Adventures is a series of blogs about some of the more interesting penetration tests that the Synack Customer Success teams have worked on over the last few months. Each blog outlines how we engage with the client to achieve the best results from a pentest. Pentesters love colors—red, blue, purple, black, white and grey […] The post Scoping Adventures: How to Get the Most Out of Your Synack Pentesting appeared first on Synack. ( 11 min )

Open

Applying Strategic Thinking in Your Pentesting Program

The Synack Platform & Five Pillars of Strategic Pentesting Why You Need to Think Strategically It’s no great revelation that tactics, techniques, and procedures utilized by nefarious hackers hacking activities are evolving on a daily basis. In 2022, 18,828 common vulnerabilities and exposures (CVEs) were published. At the same time, organization attack surfaces are expanding. […] The post Applying Strategic Thinking in Your Pentesting Program appeared first on Synack. ( 7 min )

Open

The U.S. has a new cybersecurity strategy. What’s next for CISOs?

One week ago, the Biden administration unveiled its long-awaited U.S. National Cybersecurity Strategy, with an eye toward centralizing government cyber resources and holding IT vendors more accountable for their digital defenses. Now that the ink is dry on the 35-page document, top officials like Acting National Cyber Director Kemba Walden are busy putting it into […] The post The U.S. has a new cybersecurity strategy. What’s next for CISOs? appeared first on Synack. ( 7 min )