Now that 2024 has come to its conclusion, I’ve decided to kick off a post outlining some observations, trends, and insights for the CVEs published. As always more information is available in …

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gatewa…

Claroty Team82 used QEMU to emulate the relevant system components of Planet Technology Corp’s WGS-804HPT Industrial switch, and uncovered three vulnerabilities that could allow an attacker to remotely execute code on a vulnerable device. The vulnerabilities…

oddlama's personal web page and blog

Recently I came across a fantastic new paper by a group of NYU and Cornell researchers entitled “How to think about end-to-end encryption and AI.” I’m extremely grateful to see th…

Summary A vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. To exploit this vulnerability, an attacker must first obtain the ability to execute low-privileged code on the target system. The specific…

Floats in C are weird. Floating point number rounding and NaN shenanigans to bypass security protections.

Because we can!

Interested in Anti-Cheat analysis? I highly recommend checking out Guided Hacking’s Anti-Cheat section. I’ve been reversing Black Ops Cold War for a while now, and I’ve finally decided to share my research regarding the user-mode anti-cheat inside the game.…

Technical blog by Stephan Berger (@malmoeb)

Team82 investigated what CISA labeled a backdoor in the Contec CMS8000 patient monitoring system and concluded that instead, the decision to include a hardcoded IP address is instead an insecure and risky design choice on the part of the vendor.

Summary A vulnerability in Palo Alto Expedition allows remote attackers who can reach the web interface to execute arbitrary code. Credit An independent security researcher working with SSD Secure Disclosure. Vendor Response Palo Alto has released the following…

In this post, I will introduce the "cookie sandwich" technique which lets you bypass the HttpOnly flag on certain servers. This research follows on from Bypassing WAFs with the phantom $Version cookie

Are you like me, struggling to get your head around terms like symmetric encryption, asymmetric encryption, public key, private key…

Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform - research.md

The Oligo research team has discovered a critical vulnerability in meta-llama, an open source framework from Meta for building and deploying GenAI applications.

Yesterday we discovered another client-side JavaScript attack targeting +500 websites, including governments and universities. The injected scripts create hidden links in the Document Object Model (DOM), pointing to external websites, a programming interface…

WinVisor is a hypervisor-based emulator for Windows x64 user-mode executables that leverages the Windows Hypervisor Platform API to provide a virtualized environment for logging syscalls and enabling memory introspection.