We disclosed several GKE Autopilot vulnerabilities and attack techniques to Google. The issues are now fixed – we provide a technical analysis.

Google's security researcher, Tavis Ormandy, recently uncovered a critical vulnerability affecting AMD Zen2 CPUs. This flaw, tracked as CVE-2023-20593, could

A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.

PE obfuscator with Evasion in mind needs Admin Privilege in order to load the RTCore64 driver. Drop RTCore64 to the disk

Derailed starts with a Ruby on Rails web notes application. I’m able to create notes, and to flag notes for review by an admin. The general user input is relatively locked down as far as cross site scripting, but I’ll find a buffer overflow in the webassembly…

Note: The objective of this research or any similar researches is to improve the nodejs ecosystem security level.
Recently i was working on a related project using one of the most popular Nodejs templating engines Embedded JavaScript templates - EJS
In my…

first part in a two-part series going over a heap overflow in MiniDLNA, a media server commonly deployed in embedded environments. this post provides a summary and root cause analysis of the vulnerability.

second part in a two-part series going over heap overflow in MiniDLNA (CVE-2023-33476). this post provides a walkthrough of steps taken to write an exploit for this vulnerability in order to achieve remote code execution and pop a shell.

Curious exactly what happens when you run a program on your computer? Learn how multiprocessing works, what system calls really are, how computers manage memory with hardware interrupts, and how Linux loads executables.

They're really a uniqueness identifier.

bypass most PHP filters using only base64

Welcome to the third and final installment of the “Chrome Browser Exploitation” series. The main objective of this series has been to provide an introduction to browser internals and delve into the topic of Chrome browser exploitation on Windows in greater…

This article explains what Cross-Site Leaks (XS-Leaks or XSLeaks) are, as well as providing an example attack, along with mitigation options for application developers and systems administrators.

This post discusses security concerns and two vulnerabilities in Harmony and oByte, two browser extensions that serves as a cryptocurrency software wallet.

The subscription-based, generative AI-driven offering joins a growing trend toward "generative AI jailbreaking" to create ChatGPT copycat tools for cyberattacks.

Cloud cryptojacking uses computing power to mine cryptocurrency and could result in financial loss to targeted organizations.