That title would have sounded very weird to me a year ago but that’s exactly what happened. Let me walk you through how we were approached by a client for a code review, had to find a zero day just to get started (CVE-2022-29856), and ultimately “decrypted…

In this post, we'll explain what we do to fight malicious relays in our network, how we did in the past, and what further improvements are upcoming and being worked on.

Malicious KQL Query: Malicious KQL query is injection technique, where attacker with targetable workspace resourceID can inject listener of access tokens in the query. The attacker then uses the ga…

Colibri Loader uses a novel method of Persistence which makes use of Get-Variable cmdlet to run its executable every time powershell is launched. Here we cover the method, why it works, and how to detect such TTPs.

Hi all,

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could…

In one of the fastest ransomware cases we have observed, in under four hours the threat actors went from initial access, to domain wide ransomware. The initial access vector for this case was an Ic…

This article introduces VirtualBox research and explains how to build a coverage-based fuzzer, focusing on the emulated network device drivers. In the examples below, we explain how to create a harness for the non-default network device driver PCNet. The…

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could resul…

Emotet is back with a new spam campaign. And it's now spreading itself as a shortcut link file pretending to be Word document.

RW-Fuzzer: A Fuzzing Method for Vulnerability Mining on Router Web Interface

NahamSec, John Hammond & few other folks hosted a CTF this weekend. I solved Android challenges, the challenges were really fun. I decided…

This article describes how masscan works and why it is very fast.

Executive summary 2022 has experienced an increase in the number of wiper variants targeting Ukrainian entities. This blog post looks to explain how wipers work, what makes them so effective and provides a short overview of the most recent samples that appeared…

A read-only file system will not provide adequate protection to mitigate all vulnerabilities exploited via fileless malware techniques.

What is Ngrok? Ngrok is a program that allows you to access your private systems that are behind NAT or a firewall from the outside (internet). It's an encrypted TCP tunnel that provides an address that anyone can access from the internet, and then connects…

Unique source for malware vulnerability research, exploits, and threat intelligence. Track security flaws in malware and C2 infrastructure.

On April 15, 2022, @kagancapar posted a hoax vulnerability as CVE-2022-29072 in 7-zip. While not even a plausible description or demonstration of a vulnerability, multiple people were tricked by it. Let’s see who was tricked, and if they have made any updates…