Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst #FortiGuardLabs #AIanalysis #ELF/Sshdinjector #malware #ThreatResearch https://www.fortinet.com/blog/threat-research/analyzing-elf-sshdinjector-with-a-human-and-artificial-analyst
Fortinet Blog
Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst
FortiGuard Labs reverse engineers a malware’s binaries to look into what the malware is actually doing.…
Nice website to check how much the infosec salaries are #GlobalSalaryIndex #Cybersecurity #InfoSec #isecjobs #TransparentData https://isecjobs.com/insights/our-global-salary-index-2025-is-now-live/
foo🦍
foo🦍 ~/all coding
The career platform for coders, builders, hackers and makers.
How to prove false statements? (Part 1) #Cryptography #RandomOracleModel #FalseStatementProof #PracticalAttacks #ZKSchemes https://blog.cryptographyengineering.com/2025/02/04/how-to-prove-false-statements-part-1/
A Few Thoughts on Cryptographic Engineering
How to prove false statements? (Part 1)
Trigger warning: incredibly wonky theoretical cryptography post (written by a non-theorist)! Also, this will be in two parts. I plan to be back with some more thoughts on practical stuff, like clou…
GPUAF - Two ways of Rooting
All Qualcomm based Android
phones https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
All Qualcomm based Android
phones https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
0x07 - Introduction to Windows Kernel Race Conditions #WindowsKernel #RaceCondition #VulnerabilityType #Exploitation #DoubleFetch https://wetw0rk.github.io/posts/0x07-introduction-to-windows-kernel-race-conditions/
wetw0rk.github.io
0x07 - Introduction to Windows Kernel Race Conditions
NEW No-Click Critical Vulnerability in Microsoft Windows: CVE-2025-21298 #MicrosoftWindows #CriticalVulnerability #CVE2025-21298 #Cybersecurity #HackersArise https://www.hackers-arise.com/post/new-no-click-critical-vulnerability-in-microsoft-windows-cve-2025-21298
Hackers Arise - EXPERT CYBERSECURITY TRAINING FOR ETHICAL HACKERS
NEW No-Click Critical Vulnerability in Microsoft Windows: CVE-2025-21298 - Hackers Arise
Welcome back, my aspiring cyberwarriors! Over the years, Microsoft Windows operating system, the world's most widely used OS, has been riddled with security vulnerabilities. As the years have gone by and Microsoft has become more security conscience, the…
🔥2
Debugging SMM with JTAG: Part 2 #DebuggingSMM #JTAG #IntelTrace #SMMEntry #LBRTrace https://www.asset-intertech.com/resources/blog/2025/02/debugging-smm-with-jtag-part-2/
Disassembling a binary: linear sweep and recursive traversal #DisassemblingBinary #PEFileFormat #ReverseEngineering #InstructionSetArchitecture #InsPEctor https://nicolo.dev/en/blog/disassembling-binary-linear-recursive/
nicolo.dev
Disassembling a binary: linear sweep and recursive traversal
Building your own set of analysis tools is a great exercise for those who already have some basics and allows you to later move on to implement more targeted analyses in reverse engineering. Even just seeing how the different algorithms can be implemented…
Privilege Escalation in Active Directory Domain Services: CVE-2025-21293 Exploit Revealed with PoC Code #PrivilegeEscalation #ActiveDirectory #CVE2025 #PoCCode #MicrosoftPatch https://securityonline.info/privilege-escalation-in-active-directory-domain-services-cve-2025-21293-exploit-revealed-with-poc-code/
Daily CyberSecurity
Privilege Escalation in Active Directory Domain Services: CVE-2025-21293 Exploit Revealed with PoC Code
Discover the details of CVE-2025-21293, an elevation of privilege vulnerability in Active Directory that allows attackers to escalate privileges to SYSTEM.
0x04 - Introduction to Windows Kernel Write What Where Vulnerabilities #WindowsKernel #WriteWhatWhere #Exploitation #Vulnerability #ArbitraryWrite https://wetw0rk.github.io/posts/0x04-writing-what-where-in-the-kernel/
Blowfish
0x04 - Introduction to Windows Kernel Write What Where Vulnerabilities
First off, if you’re following the series from the start, great job getting past the Use After Free in the Windows Kernel!
🤯1
0x05 - Introduction to Windows Kernel Type Confusion Vulnerabilities #WindowsKernelVulnerabilities #TypeConfusion #Exploitation #MemoryCorruption #CodeExecution https://wetw0rk.github.io/posts/0x05-introduction-to-windows-kernel-type-confusion-vulnerabilities/
wetw0rk.github.io
0x05 - Introduction to Windows Kernel Type Confusion Vulnerabilities
ArgFuscator: a website to obfuscate commands #ArgFuscator #Obfuscation #Commands #Options #GitHub https://argfuscator.net
ArgFuscator
Generate obfuscated command-line arguments for common system-native executables now with ArgFuscator.
🤔1
How to prove false statements? (Part 2) #CryptographicEngineering #VerifiableComputation #FalseStatementProofs #FiatShamir #RandomOracle https://blog.cryptographyengineering.com/2025/02/06/how-to-prove-false-statements-part-2/
A Few Thoughts on Cryptographic Engineering
How to prove false statements? (Part 2)
This is the second part of a two three four-part series, which covers some recent results on “verifiable computation” and possible pitfalls that could occur there. This post won’t…
0x06 - Approaching Modern Windows Kernel Type Confusions #WindowsKernel #TypeConfusions #Exploitation #VirtualMemory #PagedMemory https://wetw0rk.github.io/posts/0x06-approaching-modern-windows-kernel-type-confusions/
Blowfish
0x06 - Approaching Modern Windows Kernel Type Confusions
In the last tutorial we exploited a Type Confusion within the Windows 7 (x86) Kernel.
Advisory: CVE-2024-55957 #CVE202455957 #ThermoScientific #PrivilegeEscalation #SecurityPatch #TierZeroSecurity https://tierzerosecurity.co.nz/2025/02/07/cve-2024-55957.html
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
Windows Telephony Services: 2025 Patch Diffing & Analysis Part 1 #WindowsTelephonyServices #CVE2025 #TelephonyIntegration #PatchAnalysis #TAPIarchitecture https://blog.securelayer7.net/windows-telephony-services-2025-patch-diffing-and-analysis-pt-1/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
Windows Telephony Services: 2025 Patch Diffing & Analysis Part 1
Introduction At the start of 2025, on January 14th, Microsoft released over 20+ CVEs addressing Remote Code Execution (RCE) vulnerabilities in Microsoft Telephony Services,...
Almost famous: behind the scenes of a feature that didn’t make the cut #ThinkstThoughts #FeatureCut #GhostServer #Canary #DeceptionTechnique https://blog.thinkst.com/2025/02/almost-famous-behind-the-scenes-of-a-feature-that-didnt-make-the-cut.html
Thinkst Thoughts
Almost famous: behind the scenes of a feature that didn’t make the cut
Introduction A counterintuitive truth is that great products are defined by both the features they include, as well as those they don’t. We spend a lot of time pondering potential new features for …
Systems Correctness Practices at AWS: Leveraging Formal and Semi-formal Methods #AWS #SystemsCorrectness #FormalMethods #TestingPractices #AWSInvestment https://dl.acm.org/doi/10.1145/3712057
Queue
Systems Correctness Practices at AWS: Leveraging Formal and Semi-formal Methods: Queue: Vol 22, No 6
Building reliable and secure software requires a range of approaches to reason about
systems correctness. Alongside industry-standard testing methods (such as unit and
integration testing), AWS has adopted model checking, fuzzing, property-based testing,…
systems correctness. Alongside industry-standard testing methods (such as unit and
integration testing), AWS has adopted model checking, fuzzing, property-based testing,…