Hey Hackers, ✋✋

backdooring exe files, backdooring PE file, backdoor windows executable, fully undetectable backdoor, encoding shellcode, FUD,codecaves,

Crucial's Ballistix MOD Utility v.<= 2.0.2.5 is affected by multiple Privilege Escalation (LPE) vulnerabilities in the MODAPI.sys driver.

This is the story of how I created a botnet of IPTVs to rickroll 10,000+ students for my senior prank.

Tl;dr: There’s a special flag you can add to a process’s proc structure. Any child process then spawned by the process will be loaded into…

keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This would mean that the library…

Background This weekend I was doing some HTB machines to prepare for the OSWE certification. One of the recommended machines was Writeup. This machine is vulnerable to CVE-2019-9053 which has a corresponding exploit on Exploit-DB.

In June of 2021, Microsoft released a patch to correct CVE-20 21-264 20 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI…

By Sergi Martinez In late June, we published a blog post containing analysis of exploitation of a heap-buffer overflow vulnerability in Adobe Reader, a vulnerability that we thought corresponded to CVE-2021-21017. The starting point for the research was a…

This post attempts to explore the security and privacy concerns related with vaccine credential systems, by way of threat modelling and exploring the various risks and attacks conceivable against such systems.... Furthermore, we'll look at these concerns…

In June of 2021, Microsoft released a patch to correct CVE-20 21-264 20 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI…

Ready to use prioritized Vulnerability Remediation requirements, to: Make sure the Information Security team is responsible for incident response,

Statistics on ransomware attacks in the CIS and technical descriptions of Trojans, including BigBobRoss/TheDMR, Crysis/Dharma, Phobos/Eking, Cryakl/CryLock, CryptConsole, Fonix/XINOF, Limbozar/VoidCrypt, Thanos/Hakbit and XMRLocker.

ESET researchers discover and analyze ESPecter, a previously undocumented UEFI bootkit with roots that go back all the way to at least 2012.

Research by : Dikla Barda, Roman Zaikin & Oded Vanunu   During the past few weeks, Check Point researchers spotted various cases where people tweeted reports claiming they lost their crypto wallet balance, while receiving a free gift on the OpenSea market…