Exploring Heap Exploitation Mechanisms: Understanding the House of Force Technique #HeapExploitation #HouseOfForce #MemoryAllocation #HeapChunks #ReallocationMechanism https://www.darkrelay.com/post/exploring-heap-exploitation-mechanisms-understanding-the-house-of-force-technique
DarkRelay
Exploring Heap Exploitation Mechanisms: Understanding the House of Force Technique
Heap exploitation techniques like House of Force demonstrate the complexities and risks associated with memory management systems.
🔥2
CRLF injection via TryAddWithoutValidation in .NET #CRLF #Injection #TryAddWithoutValidation #.NET #BinarySecurityAS https://binarysecurity.no/posts/2025/01/tryaddwithoutvalidation
Binary Security AS
CRLF injection via TryAddWithoutValidation in .NET
Binary Security was awarded two CVEs (CVE-2024-45302 and CVE-2024-51501) for header injection vulnerabilities in the RestSharp and Refit .NET libraries. This blog post outlines the research which lead to discovering these vulnerabilities.
I Found a Game Exploit That Lets Hackers Take Over Your PC #GameExploit #PCSecurity #RCEVulnerability #PS5Security #GameDevSecurity https://shalzuth.com/Blog/IFoundAGameExploit
Shalzuth
Reverse Engineering: I Found a Game Exploit That Lets Hackers Take Over Your PC
Reverse Engineering: I discovered a serious Remote Code Execution (RCE) vulnerability in a popular game that could let attackers run code on your PC. Watch how I found it, reported it, and what you can do to stay safe.
Live Chat Blog #2: Cisco Webex Connect - Access to millions of chats histories #LiveChatBlog #CiscoWebexConnect #VulnerabilityFound #AccessToCustomerChats #OrionSecurity https://www.ophionsecurity.com/post/cisco-webex-connect-vulnerability-unauthenticated-access-to-all-chats
Ophionsecurity
Live Chat Blog #2: Cisco Webex Connect - Access to millions of chats histories - Ophion Security Publications
In July 2024, we identified a vulnerability that resulted in access to millions of live customer support messages for organizations using Cisco Webex Connect.
SlackPirate Set Sails Again! Or: How to Send the Entire “Bee Movie” Script to Your Friends in Slack #SlackPirate #BeeMovieScript #SpecterOps #RedTeam #WebSecurity https://posts.specterops.io/slackpirate-set-sails-again-or-how-to-send-the-entire-bee-movie-script-to-your-friends-in-slack-d9c691ae33f5
Medium
SlackPirate Set Sails Again! Or: How to Send the Entire “Bee Movie” Script to Your Friends in Slack
TLDR: SlackPirate has been defunct for a few years due to a breaking change in how the Slack client interacts with the Slack API. It has a…
Everyone knows your location: tracking myself down through in-app ads #LocationDataLeak #AppTracking #DataBrokers #UserConsent #GeolocationTracking https://timsh.org/tracking-myself-down-through-in-app-ads/
tim.sh
Everyone knows your location
How I tracked myself down using leaked location data in the in-app ads, and what I found along the way.
SLAP (Data Speculation Attacks via Load Address Prediction on Apple Silicon) and FLOP (Breaking the Apple M3 CPU via False Load Output Predictions ) Apple CPUs speculation attacks #SLAP #FLOP #Apple #SpeculativeExecution #DataLeak https://predictors.fail/
predictors.fail
SLAP and FLOP
The SLAP and FLOP Address and Value Prediction Attacks
Ransomware Groups Exploiting Microsoft Teams #RansomwareGroups #ExploitingMicrosoftTeams #GoSecure #Cybersecurity #ProtectYourOrganization https://gosecure.ai/blog/2025/01/22/ransomware-groups-exploiting-microsoft-teams/
GoSecure
24/7 managed detection, response, and expert cybersecurity services - GoSecure
We provide around-the-clock threat detection and incident response, backed by expert consulting to keep your organization secure.
Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst #FortiGuardLabs #AIanalysis #ELF/Sshdinjector #malware #ThreatResearch https://www.fortinet.com/blog/threat-research/analyzing-elf-sshdinjector-with-a-human-and-artificial-analyst
Fortinet Blog
Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst
FortiGuard Labs reverse engineers a malware’s binaries to look into what the malware is actually doing.…
Nice website to check how much the infosec salaries are #GlobalSalaryIndex #Cybersecurity #InfoSec #isecjobs #TransparentData https://isecjobs.com/insights/our-global-salary-index-2025-is-now-live/
foo🦍
foo🦍 ~/all coding
The career platform for coders, builders, hackers and makers.
How to prove false statements? (Part 1) #Cryptography #RandomOracleModel #FalseStatementProof #PracticalAttacks #ZKSchemes https://blog.cryptographyengineering.com/2025/02/04/how-to-prove-false-statements-part-1/
A Few Thoughts on Cryptographic Engineering
How to prove false statements? (Part 1)
Trigger warning: incredibly wonky theoretical cryptography post (written by a non-theorist)! Also, this will be in two parts. I plan to be back with some more thoughts on practical stuff, like clou…
GPUAF - Two ways of Rooting
All Qualcomm based Android
phones https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
All Qualcomm based Android
phones https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
0x07 - Introduction to Windows Kernel Race Conditions #WindowsKernel #RaceCondition #VulnerabilityType #Exploitation #DoubleFetch https://wetw0rk.github.io/posts/0x07-introduction-to-windows-kernel-race-conditions/
wetw0rk.github.io
0x07 - Introduction to Windows Kernel Race Conditions
NEW No-Click Critical Vulnerability in Microsoft Windows: CVE-2025-21298 #MicrosoftWindows #CriticalVulnerability #CVE2025-21298 #Cybersecurity #HackersArise https://www.hackers-arise.com/post/new-no-click-critical-vulnerability-in-microsoft-windows-cve-2025-21298
Hackers Arise - EXPERT CYBERSECURITY TRAINING FOR ETHICAL HACKERS
NEW No-Click Critical Vulnerability in Microsoft Windows: CVE-2025-21298 - Hackers Arise
Welcome back, my aspiring cyberwarriors! Over the years, Microsoft Windows operating system, the world's most widely used OS, has been riddled with security vulnerabilities. As the years have gone by and Microsoft has become more security conscience, the…
🔥2
Debugging SMM with JTAG: Part 2 #DebuggingSMM #JTAG #IntelTrace #SMMEntry #LBRTrace https://www.asset-intertech.com/resources/blog/2025/02/debugging-smm-with-jtag-part-2/
Disassembling a binary: linear sweep and recursive traversal #DisassemblingBinary #PEFileFormat #ReverseEngineering #InstructionSetArchitecture #InsPEctor https://nicolo.dev/en/blog/disassembling-binary-linear-recursive/
nicolo.dev
Disassembling a binary: linear sweep and recursive traversal
Building your own set of analysis tools is a great exercise for those who already have some basics and allows you to later move on to implement more targeted analyses in reverse engineering. Even just seeing how the different algorithms can be implemented…
Privilege Escalation in Active Directory Domain Services: CVE-2025-21293 Exploit Revealed with PoC Code #PrivilegeEscalation #ActiveDirectory #CVE2025 #PoCCode #MicrosoftPatch https://securityonline.info/privilege-escalation-in-active-directory-domain-services-cve-2025-21293-exploit-revealed-with-poc-code/
Daily CyberSecurity
Privilege Escalation in Active Directory Domain Services: CVE-2025-21293 Exploit Revealed with PoC Code
Discover the details of CVE-2025-21293, an elevation of privilege vulnerability in Active Directory that allows attackers to escalate privileges to SYSTEM.
0x04 - Introduction to Windows Kernel Write What Where Vulnerabilities #WindowsKernel #WriteWhatWhere #Exploitation #Vulnerability #ArbitraryWrite https://wetw0rk.github.io/posts/0x04-writing-what-where-in-the-kernel/
Blowfish
0x04 - Introduction to Windows Kernel Write What Where Vulnerabilities
First off, if you’re following the series from the start, great job getting past the Use After Free in the Windows Kernel!
🤯1
0x05 - Introduction to Windows Kernel Type Confusion Vulnerabilities #WindowsKernelVulnerabilities #TypeConfusion #Exploitation #MemoryCorruption #CodeExecution https://wetw0rk.github.io/posts/0x05-introduction-to-windows-kernel-type-confusion-vulnerabilities/
wetw0rk.github.io
0x05 - Introduction to Windows Kernel Type Confusion Vulnerabilities