This post walks through the discovery process of the NVIDIA GeForce Experience OS command injection vulnerability, assigned to CVE-2019-5678.

Introduction Previous Research AMSI Example in C AMSI Context AMSI Initialization AMSI Scanning CLR Implementation of AMSI AMSI Bypass A (Patching Data) AMSI Bypass B (Patching Code 1) AMSI Bypass …

Backward Compatibility is Hard, and so is Stacked Impersonation by Simon Raner and Mitja Kolsek, the 0patch Team [Update 6/12/201...

Slides and material from 2019 Security Data Science Colloquium hosted by Microsoft - ramshans/2019-Security-Data-Science-Colloquium-

Hundreds of incredibly popular and widely deployed Java libraries & JVM compilers are still downloading their dependencies over HTTP with…

In this case study of OS X digital forensics, we were tasked to recover the version history of documents created using Apple’s TextEdit application.

Earlier this week, Microsoft issued patches for CVE-2019-1040, which is a vulnerability that allows for bypassing of NTLM relay mitigations. The vulnerability was discovered by Marina Simakov and Yaron Zinar (as well as several others credited in the Microsoft…

An API misconfiguration in the open-source version of the popular DevOps tool Docker Engine-Community allows attackers to infiltrate containers and run a variant of AESDDoS.

Interesting APT Report Collection And Some Special IOC - blackorbird/APT_REPORT

Cheatsheet containing a variety of commands and concepts relating to digital forensics and incident response.

The Alternative Fileless File System. Contribute to SafeBreach-Labs/AltFS development by creating an account on GitHub.

It looked like a simple XSS in the Outlook Android app, but the app developers couldn’t reproduce it so they didn’t fix it. Then things got interesting. Here’s the story of how I discovered CVE-2019-1105.