What a lovely week! An in-person RIPE meeting – Jan Žorž said to me over dinner “it immediately felt like home”, and I totally agree.Following some tradition I will summarize a few inte…

UPDATE: On June 3, 2022, Atlassian updated its security advisory with new information regarding a fix for Confluence Server and Data Center to address CVE-2022-26134. Users are encouraged to update immediately to […]

Executive summary LevelBlue Labs™ has been tracking a new IoT botnet dubbed “EnemyBot”, which is believed to be distributed by threat actor Keksec. During our investigations, LevelBlue Labs has discovered that EnemyBot is expanding its capabilities, exploiting…

A lot of blog posts I have read go over interesting vulnerabilities and exploits but do not typically share the process behind discovery. I want to show how sometimes just manually poking around can quickly uncover vulnerabilities you might miss with other…

The Google Chrome Releases blog provides CVE data one liners containing all the information needed to create a rich CVE data source. Google Chrome CVEs are plentiful and provide information for understanding Google Chrome security trends. Using the information…

Dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x. - ergrelet/unlicense

Details regarding the recent Confluence OGNL (CVE-2022-26134) exploit were released to the public on June 3rd 2022. Shortly following this, Lacework Labs began seeing multiple attacks in the wild from both uncategorized and named threats. While this was expected…

Time Travel Debugging IDA plugin. Contribute to airbus-cert/ttddbg development by creating an account on GitHub.

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbit…

CVE-2022–30190 is a zero day vulnerability which has been discovered by the twitter account nao_sec.

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

A small collection of vulnerable code snippets . Contribute to snoopysecurity/Broken-Vulnerable-Code-Snippets development by creating an account on GitHub.

Disclaimer: Opinions expressed are solely my own and do not express the views or opinions of my current employer or any former employers.

WMI (Windows Management Instrumentation) is the Microsoft implementation of the Web-Based Enterprise Management (WBEM) and Common Information Model (CIM) standards from the Distributed Management Task Force (DMTF). This allows for a unified way…

WslinkVMAnalyzer is a tool to facilitate analysis of code protected by a virtual machine featured in Wslink malware - eset/wslink-vm-analyzer

By Vitali Kremez, Marley Smith & Yelisey Boguslavskiy This report is part one of AdvIntel’s new series on the ALPHV (aka BlackCat) ransomware group. In the upcoming part two, AdvIntel will hold an analytical lens on BlackCat’s organizational, recruitment…

Windows logs every action with a unique event ID. Security analysts can utilize these logs for threat hunting and enrich detections to identify attackers efficiently. Let's take a look at the different tools and Event IDs you can use for threat hunting