Introduction Dynamic Data Exchange (DDE) is a data sharing protocol while the Dynamic Data Exchange Management Library (DDEML) facilitates sharing of data among applications over the DDE protocol. …

Gaining code execution using a malicious SQLite database Research By: Omer Gull tl;dr SQLite is one of the most deployed software in the world. However, from a security perspective, it has only been examined through the lens of WebSQL and browser exploitation.…

DEFCON 27 workshop - Modern Debugging with WinDbg Preview - hugsy/defcon_27_windbg_workshop

Discovering vulnerabilities in firmware through concolic analysis and function clustering. - ChrisTheCoolHut/Firmware_Slap

TL;DR; This blog post describes a technique to inject a DLL into a process using only Duplicate Handle process access (caveats apply) which ...

Posted by Tavis Ormandy, Security Research Over-Engineer. “Sometimes, hacking is just someone spending more time on something than anyo...

Offering researchers and partners access to data from Project Sonar, which conducts internet-wide surveys to gain insights into global exposure to common vulnerabilities.

A toolkit to attack Office365. Contribute to mdsecactivebreach/o365-attack-toolkit development by creating an account on GitHub.

Attackers can flood Tor's bridges with just $17k/month, Tor's load balancers for only $2.8k/month, academics say.

The official blog of team bi0s

In August 2019 Microsoft announced it had patched a collection of RDP bugs, two of which were wormable. The wormable bugs, CVE-2019-1181 & CVE-2019-1182 affect every OS from Windows 7 to Windows 10. There is some confusion about which CVE is which, though…

Windows - Weaponizing privileged file writes with the Update Session Orchestrator service - itm4n/UsoDllLoader

Check Point Research Vulnerability Repository

Contribute to v-p-b/kaspy_toolz development by creating an account on GitHub.

In the wake of the recent buzz and trend in using DDE for executing arbitrary command lines and eventually compromising a system, I asked myself « what are the coolest command lines an a…