Ruby on Railsで使われているDeserializeとその危険性について調べたものをまとめました。

Introduction

Hi everyone, in this article, I'll explain how to fuzz WebSocket messages using Burpsuite. I'll try to explain all things in detail yet more clearly.
This article will cover:

🚪 Introduction to WebSocket

⚙️ DVWS lab setup

📜 Ws-Harness script

⚙️...

In this article we discuss a vulnerability in the trial version of WinRAR which has significant consequences for the management of third-party software. This vulnerability allows an attacker to intercept and modify requests sent to the user of the application.…

Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38649

Mimikatz provides the opportunity to leverage kernel mode functions through the included driver, Mimidrv. Mimidrv is a signed Windows…

Introduction Windows 10 is an incredibly feature rich Operating System (OS).  In the last four years, the innovative folks at Microsoft have continued to introduce and expand functionality as well...

 Hello All! Long time since I have posted here :) As most of you know I am planning on writing up a lot of my research I have done through M...

Contribute to zeronetworks/rpcfirewall development by creating an account on GitHub.

Modern web applications typically rely on chains of multiple servers, which forward HTTP requests to one another. The attack surface created by this forwarding is increasingly receiving more attention, including the recent popularisation of cache poisoning...

Hi, my name is Alex, I’ve been an IT security professional since 2007 and I’ve recently entered the start-up world with my project bughuntr.io. In putting together this project, security has been a primary concern for me. This is both due to my background…

Skrull is a malware DRM. It generates launchers that can run malware on the victim using the Process Ghosting technique

Exploiting a heap overflow in the TIPC subsystem of the Linux kernel. In this post we’ll exploit a N-day vulnerability (CVE-2021-43267) originally discovered by Max van Amerongen.

Note: Another researcher recently tweeted about the technique discussed in this blog post, this is addressed in the last section of the blog (warning, spoilers!). To access information about a running process, developers generally have to open a handle to…