Information Security (@sec_nerd_en)
414 subscribers, 157 photos, 5 videos, 9 files, 2.28K links
Information Security News. We are the twin brother of @sec_nerd.
https://www.blackarrow.net/from-n-day-exploit-to-kerberos-eop-in-linux-environments/
Tarlogic Security
BlackArrow - Offensive security services
BlackArrow is the offensive and defensive security services division of Tarlogic Security. A team of high level professionals
https://theori.io/research/escaping-chrome-sandbox
#Chrome
#Sandbox
https://blog.ret2.io/2019/08/28/sia-coin-dns-rebinding
RET2 Systems Blog
A Cryptocurrency Heist, Starring Your Web Browser
Beneath the surface, the modern web is made possible only through a growing labyrinth of technology standards. Standards are designed to govern the interoper...
https://blog.blazeinfosec.com/attack-of-the-clones-github-desktop-remote-code-execution/
https://github.com/Ruia-ruia/sudoHeapOverflow
GitHub
Ruia-ruia/sudoHeapOverflow
After getting a crash such that rbx was mangled... I spent the weekend adjusting and tweaking the malicious inputs to get it to work. It was honestly just trial n error so nothing clever on my part...
https://spaceraccoon.dev/applying-offensive-reverse-engineering-to-facebook-gameroom
spaceraccoon.dev
Applying Offensive Reverse Engineering to Facebook Gameroom
Late last year, I was invited to Facebook’s Bountycon event, which is an invitation-only application security conference with a live-hacking segment. Although participants could submit vulnerabilities for any Facebook asset, Facebook invited us to focus on…
https://pullerjsecu.medium.com/how-i-was-able-to-turn-a-xss-into-a-account-takeover-ae0c478640e7
Medium
How I was able to Turn a XSS into a Account Takeover
To begin, this is a vulnerability that I found during a bug bounty engagement. I would split this into two parts, or two separate…
https://research.nccgroup.com/2021/02/02/investigating-potential-security-vulnerability-manifestation-through-various-analyses-inferences-regarding-internet-rfcs-and-how-rfc-security-might-be-improved/
NCC Group Research
Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and…
Overview RFCs have played a pivotal role in helping to formalise ideas and requirements for much of the Internet’s design and engineering. They have facilitated peer review amongst engineers,…
https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/
Jub0Bs
The great SameSite confusion
In this post, I dissect a common misconception about the SameSite cookie attribute and I explore its potential impact on Web security.
TL;DR ¶ The SameSite cookie attribute is not well understood. Conflating site and origin is a common but harmful mistake.…
https://github.com/forrest-orr/ExploitDev/blob/master/Exploits/Re-creations/Forrest_Orr_CVE-2020-0674_32bit.html
https://a13xp0p0v.github.io/2020/11/30/slab-quarantine.html
Alexander Popov
Linux kernel heap quarantine versus use-after-free exploits
It's 2020. Quarantines are everywhere – and here I'm writing about one, too. But this quarantine is of a different kind. In this article I'll describe the Linux Kernel Heap Quarantine that I developed for mitigating kernel use-after-free exploitation.
https://docs.google.com/presentation/d/1O7MxvbIfRcPSlbyZbFxD-fAR34XlquQSlRAHPb2kR4E/edit#slide=id.g5d0d863a9e_0_2
Google Docs
State of DNS Rebinding DEF CON
State of DNS Rebinding: Attack & Prevention Techniques and the Singularity of Origin
Gérald Doussot & Roger Meyer | DEF CON 27
Today we are going to discuss the current state of DNS rebinding including recent attack & prevention techniques. We will discuss…
https://ajinabraham.com/blog/detecting-zero-days-in-software-supply-chain-with-static-and-dynamic-analysis
Ajin Abraham
Detecting zero days in software supply chain with static and dynamic analysis
This blog shares some ideas about detecting zero-days in the software supply chain even before they get flagged by your typical Software Composition Analysis (SCA) or Dependency checking tools. Also shares the proof of concept code to detect malicious behavior…
https://sourque.dev/writeups/htbq21/wafflesorder/
https://luemmelsec.github.io/Relaying-101/
luemmelsec.github.io
Relaying 101
Hello fellas, or as we say in Germany: “Hallo Freunde der fettfreien Leberwurst.”
In today’s blog post we’ll be talking about relaying attacks, or more precisely about NTLM relaying attacks. So let’s get started.
As you already know I am new to the pentest…
https://afinepl.medium.com/testing-and-exploiting-java-deserialization-in-2021-e762f3e43ca2
Medium
Testing and exploiting Java Deserialization in 2021
Since 2015, when Java deserialization was a major threat, lots of patches and improvements have been introduced. How to approach testing for…
https://www.horizon3.ai/disclosures/librenms-second-order-sqli
Horizon3.ai
LibreNMS is an open source solution for network monitoring based on PHP, MySQL and SNMP. While reviewing its source code, we discovered a second-order SQL injection vulnerability, CVE-2020-35700, in the Dashboard feature.
https://securitylab.github.com/advisories/GHSL-2020-214_223-onedev
GitHub Security Lab
GHSL-2020-214_223: 10 CVEs in OneDev ranging from pre-auth Remote Code Execution (RCE) to Arbitrary File Read/Write
Multiple vulnerabilities were found in the OneDev project ranging from pre-auth Remote Code Execution (RCE) to Arbitrary File Read/Write
https://github.com/GameHackingAcademy
GitHub
Game Hacking Academy
Game Hacking Academy has 26 repositories available. Follow their code on GitHub.
https://twitter.com/steventseeley/status/1359212311312035848?s=20
Twitter
ϻг_ϻε
CVE-2021-24071 is a patch bypass for CVE-2020-17120 “Microsoft SharePoint SPSqlDataSource Information Disclosure Vulnerability”. It allows an attacker to connect back to a rogue MySQL server and leak the web.config file for RCE if the MySQL driver is installed.
https://igor-blue.github.io/2021/02/07/sybase.html
Igor's Blog
Abusing Sybase for lateral movement
A few years ago I was asked to help on a red-team exercise in a company doing hardware R&D.