ShadowDumper: Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming #ShadowDumper #LSASSMemory #PenetrationTesting #RedTeaming #GitHubProject https://github.com/Offensive-Panda/ShadowDumper
GitHub
GitHub - Offensive-Panda/ShadowDumper: Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration…
Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive da...
Reproducing CVE-2024-10979: A Step-by-Step Guide #ReproduceCVE202410979 #StepByStepGuide #SAPSecurity #Vulnerability #EducationalPurposes https://redrays.io/blog/reproducing-cve-2024-10979-a-step-by-step-guide/
RedRays - Your SAP Security Solution
Reproducing CVE-2024-10979: A Step-by-Step Guide
Discover how to reproduce CVE-2024-10979, a vulnerability in PostgreSQL's trusted PL/Perl, through this detailed step-by-step guide. Learn about the security implications and the importance of applying patches to safeguard your database systems.
Everyday Ghidra: Ghidra Data Types — Creating Custom GDTs From Windows Headers — Part 2 #Ghidra #CustomGDT #WindowsHeaders #ReverseEngineering #DataTypes https://medium.com/@clearbluejar/everyday-ghidra-ghidra-data-types-creating-custom-gdts-from-windows-headers-part-2-39b8121e1d82
Medium
Everyday Ghidra: Ghidra Data Types — Creating Custom GDTs From Windows Headers — Part 2
Ghidra, developed by the NSA, is a powerful reverse engineering tool known for its versatility. One standout feature is its ability to…
Cross-Site POST Requests Without a Content-Type Header #CSRFprotection #POSTrequest #ContentTypeHeader #SecurityVulnerability #CrossSiteRequests https://nastystereo.com/security/cross-site-post-without-content-type.html
The Ultimate Handheld Hacking Device - My Experience with NetHunter #HandheldHacking #NetHunterExperience #OnePlus7TSetup #KaliAndroid #MobileSecurity https://andy.codes/blog/security_articles/2024-11-27-the-ultimate-handheld-hacking-device.html
andy.codes
2024-11-27 - The Ultimate Handheld Hacking Device - My Experience with NetHunter - Andy's Cave
This page is a collection of my security research, and other infosec-related activities.
Stealth in the Cloud: How APT36's ElizaRAT is Redefining Cyber Espionage #APT36 #ElizaRAT #CyberEspionage #CloudStealth #SaaSsec2024 https://www.reco.ai/blog/how-apt36-elizarat-redefines-cyber-espionage
Introduction to Fuzzing Android Native Components #FuzzingAndroidComponents #ApplicationSecurity #AFL++ #QEMU #NativeCode https://blog.convisoappsec.com/en/introduction-to-fuzzing-android-native-components/
Conviso AppSec
Introduction to Fuzzing Android Native Components
Discover how fuzzing can identify critical vulnerabilities in native Android components, strengthening device security.
Android's CVE-2020-0238 (AccountTypePreferenceLoader) #AndroidSecurity #Vulnerability #ElevationOfPrivilege #BugAnalysis #ExploitOpportunity https://pwner.gg/blog/Android's-CVE-2020-0238
( ͡◕ _ ͡◕)👌
Android's CVE-2020-0238 (AccountTypePreferenceLoader)
Note: This is part of my @vr_progress journal. Also, subscribe to my new @SideQuest_256 channel and I might post videos about the Android journey too :D This is a story about how I wasted my weekend over a bug that was categorized as a High/EoP but then couldn’t…
Eclipse: Activation Context Hijack #Eclipse #ActivationContextHijack #DLLInjection #MaliciousAC #CodeExecution https://github.com/Kudaes/Eclipse
GitHub
GitHub - Kudaes/Eclipse: Activation Context Hijack
Activation Context Hijack. Contribute to Kudaes/Eclipse development by creating an account on GitHub.
Happy New Year! Here's to a 2025 where exploits cry, malware breaks, and vulnerable software finally learns to behave. Cheers to keeping things interesting and reversed!
MSSQL Identified as Vulnerable to Emoji String Exploitation #MSSQLvulnerability #emojiexploitation #securityassessment #Unicodehandling #vulnerabilityanalysis https://decrypt.lol/posts/2024/11/29/mssql-identified-as-vulnerable-to-emoji-string-exploitation/
Decrypt LOL
MSSQL Identified as Vulnerable to Emoji String Exploitation
Microsoft SQL Server has been found to treat a goblin emoji as equivalent to an empty string, potentially leading to security vulnerabilities in applications that utilize it.
The fascinating security model of dark web marketplaces #darkwebsecurity #deepdiving #fascinatingmodel #evanboehs #technicalcuriosity https://boehs.org/node/dark-web-security
boehs.org
The Fascinating Security Model of Dark Web Marketplaces
Captchas, Monero, Scams and absolutely no JavaScript
ICP-Brasil: Mis-issued certificate #ICPBrasil #MisissuedCertificate #MozillaHome #Privacy #Cookies https://bugzilla.mozilla.org/show_bug.cgi?id=1934361
bugzilla.mozilla.org
1934361 - ICP-Brasil: Mis-issued certificate
RESOLVED (bwilson) in CA Program - CA Certificate Compliance. Last updated 2025-02-14.
0x00 - Introduction to Windows Kernel Exploitation #WindowsKernelExploitation #WinDbg #HEVD #ExploitDevelopment #TokenStealing https://wetw0rk.github.io/posts/0x00-introduction-to-windows-kernel-exploitation/
wetw0rk.github.io
0x00 - Introduction to Windows Kernel Exploitation
Cybercriminals Use NFC Relay to Turn Stolen Credit Cards into Cash without a PIN #Cybercriminals #NFCRelay #StolenCreditCards #CashWithoutPIN #MobileHacker https://www.mobile-hacker.com/2024/12/02/cybercriminals-use-nfc-relay-to-turn-stolen-credit-cards-into-cash-without-a-pin/
Mobile Hacker
Cybercriminals Use NFC Relay to Turn Stolen Credit Cards into Cash without a PIN
ThreatFabric has identified a new cash-out tactic that wasn’t seen before called “Ghost Tap”, which cybercriminals use to exploit stolen credit card details linked to mobile payment services like Google Pay and Apple Pay. This method involves relaying NFC…
The Day We Unveiled the Secret Rotation Illusion #ClutchRotationIllusion #NHISecurity #ZeroTrust #EphemeralCredentials #NewSecurityStrategies https://www.clutch.security/blog/the-day-we-unveiled-the-secret-rotation-illusion
Clutch Security
The Day We Unveiled the Secret Rotation Illusion
Explore how Clutch Security debunks the myth of secret rotation, revealing how fast attackers exploit NHIs, and learn why Zero Trust is key…
Breaking Down Adversarial Machine Learning Attacks Through Red Team Challenges #AdversarialAI #RedTeamChallenges #EvasionAttacks #NeuralNetworks #GradientDescent https://boschko.ca/adversarial-ml/
Boschko Security Blog
Breaking Down Adversarial Machine Learning Attacks Through AI/ML Red Team Challenges
Explore adversarial attacks on AI/ML models through hands-on challenges on Dreadnode’s Crucible CTF platform.
OAuth Labs: OAuth 2.0 Vulnerabilities #OAuth2.0 #Training #SecurityAwareness #Cybersecurity #CommunityEngagement https://cyllective.com/blog/posts/oauth-labs
Cyllective
OAuth Labs: OAuth 2.0 Vulnerabilities
Introducing our latest project: the OAuth Labs. A hands-on approach to OAuth 2.0 vulnerabilities
CloudGoat Official Walkthrough Series: ‘sqs_flag_shop’ #CloudGoat #Walkthrough #sqs_flag_shop #PenetrationTesting #RhinoSecurityLabs https://rhinosecuritylabs.com/research/cloudgoat-walkthrough-sqs_flag_shop/
Rhino Security Labs
CloudGoat Official Walkthrough Series: ‘sqs_flag_shop’
This post walks through a new CloudGoat scenario, sqs_flag_shop in AWS.
CSPT the Eval Villain Way! #CSPT #EvalVillain #Exploit #BugFinding #SecurityEngineers https://blog.doyensec.com/2024/12/03/cspt-with-eval-villain.html
Doyensec
CSPT the Eval Villain Way!
Doyensec’s Maxence Schmitt recently built a playground to go with his CSPT research. In this blog post, we will demonstrate how to find and exploit CSPT bugs with Eval Villain. For this purpose, we will leverage the second challenge of Maxence’s playground.
flare-vm: A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM. #flare-vm #reverseengineering #windows #setup #softwareinstallation https://github.com/mandiant/flare-vm
GitHub
GitHub - mandiant/flare-vm: A collection of software installations scripts for Windows systems that allows you to easily setup…
A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM. - mandiant/flare-vm