Analysis and exploitation of Linux kernel vulnerabilities CVE-2022-1015 and CVE-2022-1016. I talk about how I found these vulnerabilities, explain the internals of nf_tables and come up with an local privilege escalation exploitation strategy.

Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor

Journey through this post to see how KASLR was previously bypassed on Windows 10, as well as tips on how to look for such bypasses

Introduction It’s been a while since I’ve done one of these, and one of my goals this year is to do more so here we are. A side project of mine is kind of reaching a good stopping point so I’ll have more free-time to do my own research and blog again. Looking…

The Pritunl VPN Client service is vulnerable to an arbitrary file write as SYSTEM on Windows.

Cyble Research Labs analyzes Borat , a sophisticated RAT variant that boasts a combination of Remote Access Trojan, Spyware, Ransomware and DDoS capabilities.

This blog analyzes the “Win32k Window Object Type Confusion” that abuses the CVE-2022-21882 vulnerability. It’s based on the existing Proof of Concept (POC), which is both interesting and quite complex. It can be treated as an interactive guide to be used…

Post-exploitation tooling is becoming increasingly sophisticated and often evades detection by EDRs, meaning sometimes we will not be able to detect when an attacker is able to load his code into memory. Here's a way to detect artifacts that are already loaded…

Best of Nmap Cheat Sheet Credit: @stationx #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity

On 7th March’22, security researcher Max Kellermann published the vulnerability nicknamed ‘Dirty-Pipe’ which was assigned as CVE-2022-0847. This vulnerability affects the Linux kernel.

Exploiting CVE-2022-0778 in a WebRTC context requires that you get a few things right first. But once that is sorted, DoS (in RTC) is the new RCE!

Memory corruption vulnerabilities have been well known for a long time and programmers have developed various methods to prevent them. One type of memory corruption that is very hard to prevent is the use-after-free and the reason is that it has too many…

An nginx Zero-Day RCE issue was identified in the nginx LDAP-auth daemon implementation, which was briefly leaked.

In this article, I learn how to use Open Source Intelligence (OSINT) techniques to identify a number of identifiers and other pieces of…

Introduction Geopolitical tensions often make headlines and present a golden opportunity for threat actors to exploit the situation, especially those targeting high-profile victims. In the past month while the Russian invasion of Ukraine was unfolding, Check…

Darktrace has acquired Cado security, a cyber investigation and response solution provider and leader in cloud data capture and forensics.