(6 Months later CZAT 7 Server is offline or changed to another ip address , this post was written 6 months ago, published today 9/2/2024)

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

Hacking Hackers - Even the software used by teams of offensive security professionals is prone to standard web application vulnerabilities.

Recently Doyensec was hired by a client offering a “Communication Platform as a Service”. This platform allows their clients to craft a customer service experience and to communicate with their own customers via a plethora of channels: email, web chats, social…

I’ve recently been working on some exciting development projects, including a deep dive into archive extraction. During this work, I discovered some fascinating behaviours that I’m thrilled to share with you in the following sections.

In this post, we demonstrate two techniques allowing a low privileged user to escalate their privileges to root in case they can run iptables and/or iptables-save as

a post going over 4 exploits for CVE-2024-20017, a remotely exploitable buffer overflow in a component of the MediaTek MT7622 SDK.

Are you tired of compromising your privacy and security when sharing files online? What if there was a way to transfer data that was not only secure and efficient but also put you in complete control? Imagine a file sharing solution that combines cutting…

In this blog, we’ll dive into how Heartbleed works, the vulnerable code and how to exploit it.

After attending the OST2 – Exp4011 […]

Introduction Memory management in XNU Page tables Physical use-after-free Exploitation strategy Heap spray Kernel memory read/write Conclusion Bonus: arm64e, PPL and SPTM

On June 11th, 2024, we discovered a set of vulnerabilities in Kia vehicles that allowed remote control over key functions using only a license plate. These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless…

This blog is about two chained bugs: Stage one is a DLL Hijacking bug caused by the remapping of ROOT drive and stage two is an Activation Cache Poisoning bug managed by the CSRSS server.

In this blog post, we will explore how we can exploit CNEXT, but blind, covering the cases where we have a file read primitive, but cannot get the output.

Introduction Unidbg is an open-source framework to emulate Android native libraries (and to a certain extent has experimental iOS emulation capabilities). There are a few use cases where emulating Android libraries is beneficial. I will cover a single use…

Zimbra, a widely used email and collaboration platform, recently released a critical security update addressing a severe vulnerability in its postjournal service. This vulnerability, identified as CVE-2024-45519, allows unauthenticated attackers to execute…

Hi after going through all the Black Hat and DEFCON web security researches in 2024 , I noticed that the easiest way to break web apps is…