Cyber threat actor UAC-0099 has been actively targeting Ukraine since mid-2022, according to insights from the Deep Instinct Threat Lab

Problem Statement You attempt to analyze a binary file compiled in the Rust programming language. You open the file in your favorite disassembler. Twenty minutes later you wish you had never been born. You’ve trained yourself to think like g++ and msvc: Here’s…

Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.

Researchers issued CVE-2023-42465 for SUDO for this vulnerability. This flaw classified as critical has been found in sudo up to 1.9.14.

TL;DR

ThreatFabric detected "Chameleon," a banking trojan first identified in early 2023. This malicious entity, thriving in the digital ecosystem

Redirect spawned iOS application stdout and stderr to pty - NSEcho/fnoios

Dubbed Operation RusticWeb, this campaign, uncovered in October 2023, demonstrates a nuanced approach to cyber espionage.

An introduction to Ghidra's primary components and the information they provide

Parsing MSDN to discover potentially abusable APIs

Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.

CVE-2023-43177 is a critical vulnerability in CrushFTP. The vulnerability could potentially allow unauthenticated attackers with network access to the CrushFTP Instance to write files in the local file system and eventually in some versions could allow the…

In 2014 Google researchers discovered strange interference between memory locations in DDR3, DDR4, and DDR5 Random Access Memory (RAM.) On…

Learn how Bishop Fox built a POC exploit for the pre-authentication remote code injection vulnerability in the Fortinet SSL VPN published by Lexfo.

BPF Memory Forensics with Volatility 3 Introduction and Motivation Have you ever wondered how an eBPF rootkit looks like? Well, here’s one, have a good look:
Upon receiving a command and control (C2) request, this specimen can execute arbitrary commands on…

The HAFNIUM threat actor is using an unconventional method to tamper scheduled tasks in order to establish persistence via modification of registry keys in their malware called Tarrask. The benefit…

Sometimes, making particular security design decisions can have unexpected consequences. For security-critical software, such as password managers, this can easily lead to catastrophic failure: In this blog post, we show how Bitwarden’s Windows Hello …

A reconnaissance framework for researching and investigating Telegram. - GitHub - sockysec/Telerecon: A reconnaissance framework for researching and investigating Telegram.

Python has dominated over other programming languages over the decade and it keeps growing with the support of its open […]