In June 2020, I found a stored XSS bug that could allow an attacker to steal user email conversations, contacts in mail.ru and myMail iOS…

A newly discovered LOLBin offers an alternative to certutil for helping adversaries download files from a remote server. Meet desktopimgdownldr.exe.

Today, we will be looking at the “Connected User Experiences and Telemetry service,” also known as “diagtrack.” This article is quite heavy on NTFS-related terminology, so you’ll need to have a good understanding of it.

The Official DEF CON Team Village continues to have an amazing lineup of speakers and presentations! The talks range from introductory topics of Red Teaming and Ethical Hacking to very advanced techniques and tactics. Speakers go over how they try to mimic…

A repository where I share my injection implemintations - DanusMinimus/Injections

Palantir’s recommendations for defending your network

Contribute to dalvarezperez/CreateFile_based_rootkit development by creating an account on GitHub.

Make every part of your business more resilient.

Legitimate Un-signed Code Execution

I indexed all Windows files which appear in Windows update packages, and created a website which allows to quickly view information about the files and download some of them from Microsoft servers. The files that can be downloaded are executable files (currently…

Research by: Sagi Tzadik Introduction DNS, which is often described as the “phonebook of the internet”, is a network protocol for translating human-friendly computer hostnames into IP addresses. Because it is such a core component of the internet, there are…

Latest News from Security Journey

Describing all the techniques for attacking MS Exchange in Q2 2020 and introducing a new one: the LDAP via Exchange attack

Purple Teaming Attack & Hunt Lab - Terraform. Contribute to DefensiveOrigins/APT-Lab-Terraform development by creating an account on GitHub.