Team Nautilus has recently discovered a vulnerability in Node.js that can lead to DLL hijacking on Windows via npm CLI if OpenSSL is installed on the host

Identifying and Parsing Cobalt Payloads

What happens when you run an executable on your Windows machine? This blog provides a brief overview and the flow for creating a Windows Process, the APIs and structures involved, and the Process Internals.

This post is going to be too ambitious probably: I want to introduce you to
reversing C++ code, applying this knowledge in particular to Qt
applications and since we are at it, explaining some ghidra

You will learn the fundamentals of user mode asynchronous procedure calls in this post, as well as how to use them to inject shellcode into a remote process thread to obtain a reverse shell.

Welcome to a tutorial on building your first LLVM based obfuscator. In this post we will list the advantages of using LLVM tools, briefly…

MoqHao (aka Wroba) is an Android Remote Access Trojan (RAT) with information-stealing and backdoor capabilities that likely spreads via SMS.

About This Blog Post This blog post is a technical report of a presentation that I presented on June 10, 2022 for the second task of my Mobile Security course. I decided to investigate how WhatsApp backs up messages to the cloud with the “end-to-end encrypted…

ALPHV/BlackCat is the first widely known ransomware written in Rust. The malware must run with an access token consisting of a 32-byte value (--access-token parameter), and other parameters can be specified. Learn about its particular behaviors.

Introduction In this blog post we will be demonstrating a new feature to the Dalvik Inspector tool, which we are planning on releasing this summer at Black Hat USA. Specifically we have added functionality to the Dalvik Inspector GUI for automatic Volatility…

NOTE: parts of this article describe steps by which the order of encryption methods are reversed to render encrypted data in clear-text. This was done in order to investigate the app being discusse…

Zero-day vulnerability in Google Chrome discovery

RedSense Cyber Threat Intelligence provides products and services to many of the world’s most sophisticated corporate threat intelligence departments and security organizations. As companies rethink their intelligence frameworks for greater efficacy and cost…

we all know how C programs is get compiled.
first your C file goes to the compiler, then compiler convert it into sequence of operation that will be executed by computer each operation compiled into sequence of bytes called operation code or OP code Why Assembly…

At the beginning of this month, GitLab released a security patch for versions 14->15. Interestingly in the advisory, there was a mention of a post-auth RCE bug with CVSS 9.9.
The bug exists in GitLab’s Project Imports feature, which was found by @vakzz. Incidentally…

Introduction Its no secret that MDSec provides a commercial command-and-control framework with a focus on evasion for covert operations. With this in mind, we are continuously performing on-going R&D in...

All things cyber

APTs regularly target and pose as journalists and media organizations to advance their state-aligned initiatives. Learn more about Proofpoint's research.

Introduction Check Point Research uncovers a recent Iranian-based spear-phishing operation aimed against former Israeli officials, high-ranking military personnel, research fellows in research institutions, think tanks, and against Israeli citizens. The attacks…