These are notes about all things focusing on, but not limited to, red teaming and offensive security.

Malware Theory - PE Malformations and Anomalies : https://t.co/dvmSQuyoZq Basic Structure of PE Files : https://t.co/fqRWJR6xjZ Memory Mapping of PE Files : https://t.co/6t6Ujh5xzt Oligomorphic, Polymorphic and Metamorphic Viruses : https://t.co/pYlaAQQ78C…

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

red team, blue team, penetration testing, red teaming, threat hunting, digital forensics, incident response, cyber security, IT security

CVE-2019-0232 is a vulnerability in Apache Tomcat that could allow attackers to execute arbitrary commands by abusing an operating system command injection brought about by a Tomcat CGI Servlet input validation error.

For all these times you're asking yourself "what is this panel again?" - misterch0c/what_is_this_c2

This post walks through the processes of building a passive IMSI catcher. The purpose of this post is to be educational - to highlight the ease of which these devices can be built, and to practically show how privacy is already being compromised today.

List of Awesome Advanced Windows Exploitation References - yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References

What computer do you use? Who made it? Have you ever thought about what came with your computer? When we think of Remote Code Execution (RCE) vulnerabilities in mass, we might think of vulnerabilities in the operating system, but another attack vector to…

The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL) - JoeyRentenaar/Office-365-Extractor

All malwares are equals, but some malware are more equals than others Joxean Koret

Adobe Reader progress One year ago I blogged about my many attempts and failures at fuzzing Adobe Reader and finding exploitable security issues.

This is a tale of how we found a wormable XSS on Twitter, and how we managed to fully bypass its CSP policy.