SharePoint Pre-Auth Code Injection RCE chain CVE-2023-29357 & CVE-2023-24955 PoC - SharePwn_public.py

I got my hands on a new sample of Android/BianLian (sha256: 0070bc10699a982a26f6da48452b8f5e648e1e356a7c1667f393c5c3a1150865), a banking…

Malware Analysis and Threat Intelligence Research

Introducing a novel technique for e-mail spoofing

File syncing applications, while providing convenient solutions for seamless collaboration and data access within organizations, also pose…

On-premises to cloud lateral movement should be one of the top techniques in a red teamer’s arsenal. Difficult to detect and pervasive in nature, these techniques attract the likes of APT groups like Nobellium who have increased their focus on abusing identity…

There are 117 notable activities attributed to Lazarus and his family.

We introduce a new white-box cryptanalysis tool based on the pioneering BGE paper but without known open source public implementation so far.

As seen in most security blog posts today, binary diffing tools are essential for reverse engineering, vulnerability research, and malware analysis. Patch diffing is a technique widely used to identify changes across versions of binaries as related to security…

Abstract In recent years the interest in obfuscation has increased, mainly because people want to protect their intellectual property. Unfortunately, most of what’s been written is focused on the theoretical aspects. In this article, we will discuss the practical…