Ghidra’s decompiler, while not perfect, is pretty darn handy. Ghidra’s user interface, however, leaves a lot to be desired. I often find…

Windows Tokens are used for authentication and assigning privileges to windows programs. Understanding token manipulation is essential to detect malicious behaviours. Security professionals can use the wintoken library for token manipulation.

Title A vulnerability in Linux kernel mainline v5.18-rc1 through v5.19-rc6 does not clear statically allocated variables in the block starting symbol (.bss) due to a failed early_xen_iret_patch leading to an asm_exc_page_fault, or arbitrary code execution…

In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights…

Recently, there was a GET Flooding Attack-type DDoS attack case on a web services company for about 20 hours. Various attack traffic was detected on the login page, which caused a serious load on the server and ultimately paralyzed the entire login function.…

This article discusses weaponizing NtCreateUserProcess so that it can be used on defended environments in a way that is reliable and useful.

An in-depth analysis of Matanbuchus loader’s tricks and loading techniques Matanbuchus is a Malware-as-a-Service loader that has been sold on underground markets for more than one year....

Disclaimer: as many other security researchers […]

RedLine is a stealer distributed as cracked games, applications, and services. See how this malware affected FileZilla, Telegram, and more.

When using DNS in the Cloud, security cannot be forgotten. Learn more about security best practices for DNS in the Cloud

Cryptominers are one of the main cloud threats today. Detecting crypto miners is a complex task, but machine learning could help to develop a robust detection algorithm.

This post covers an interesting vulnerability we (Jayden and David) found in the io_uring subsystem of the Linux kernel.

After months of dedicated research we cover a wide range of concealed code execution techniques and investigate their mechanisms and how to detect them.

The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions. The goal of this series of attacks was cyberespionage.

An analysis of three in-the-wild payloads delivered using the Follina exploit shows how attackers can boost efforts to avoid detection by security tools. 

Blackhat 2022, on its 25th anniversary, took place this week in Las Vegas, and also in its virtual format.

Research By: Slava Makkaveev Introduction Have you ever wondered if it is safe to make payments from a mobile device? Can a malicious app steal money from your digital wallet? According to the latest statistics, the Far East and China accounted for two-thirds…