CylancePROTECT contains a privilege escalation vulnerability due to the update service granting Users Modify permissions on the log folder, as well as any log file it writes. This allows any user to empty the folder and use it as a Mount Point, which can…

Blog about anti-virus software vulnerabilities.

New flaws and even more patches - "Spectre Next Generation" is just around the corner. According to information exclusively available to c't, researchers have already found eight new security holes in Intel processors.

Unit 42 examines recent Sofacy group activities including multiple attacks to government entities.

На конференции по компьютерной безопасности Ekoparty 2017 в Буэнос-Айресе аргентинский хакер Альфредо Ортега (Alfredo Ortega) показал очень интересную...

In this article, we'll get familiar with Cutter, a GUI for radare2, as well as analyze an advanced malware. In the end, we'll write a decryption script using r2pipe's Python bindings.

CloudFuzz is an integrated software framework for security based fuzzing. The end goal is to provide a workflow that will allow continuous fuzzing and generate reports of the software security…

Notes on various topics I'm interested in. Contribute to huku-/research development by creating an account on GitHub.

CVE-2018-8174 - VBScript memory corruption exploit. - 0x09AL/CVE-2018-8174-msf

I’ve been very excited to work with the new Hex-Rays Decompiler microcode API, and I’ve finally had the chance to sit down and build a useful plugin. This post describes the development…

In 2017, we encountered lots of samples that were ‘exploiting’ the implementation of Microsoft Word’s RTF parser to confuse all other third-party RTF parsers, including those used in anti-malware software.