MuddyWater, also known as Static Kitten and Mercury, is a cyber espionage group that’s most likely a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).

A vulnerability in SPNEGO NEGOEX has been reclassified as "Critical" after it was discovered that it could allow attackers to remotely execute code.

Since August 2022, we have seen an increase in infections of Truebot (aka Silence.Downloader) malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks…

Step by step and using custom taint analysis to detect heap security issues

IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related - fr0gger/IATelligence

Sometimes you are asked to perform a firewall analysis to determine if the configuration can be improved upon to reduce the ability for an attacker to move laterally through the network or identify…

Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/10/31/index.html We did a quick analysis of this ...

[PoC] Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom) - yuriisanin/CVE-2022-45025

A lot of the functionality in Windows is based around various kernel objects. One such object is a Directory, not to be confused with a directory in a file system. A Directory object is conceptuall…

Due to insecure file handling issues of the SAP® Host Agent, a local attacker can exploit the helper binary saposcol to escalate privileges on UNIX systems. Successful exploitation leads to full system compromise with root access.

Native Pcode emulator. Contribute to Nalen98/GhidraEmu development by creating an account on GitHub.

Author: Daejin Lee, Seunghoe Kim, Donguk Kim, Eugene Jang

A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass...

Aqua discusses how Tracee monitors for the Dirty Pipe vulnerability and how in-kernel technology like eBPF monitors writes that result from it.

Tl;dr : This article is analysis of over 50 submissions for a JavaScript integer overflow challenge. Many submissions did not address the root cause. A range check on the input as well as arithmetic output using a right data type can eliminate the vulnerability.…

Earlier this year, the SEC Consult Vulnerability Lab published a technical security advisory on different critical vulnerabilities in Zyxel devices, resulting from insecure coding practices and insecure configuration. Those also included a highly critical…

The ‘Internet of Things’ is coming! It started as an overused marketing hype with no real use case (who needs internet connected fridges? Who wants the internet connected toilet paper?)…