SLAP (Data Speculation Attacks via Load Address Prediction on Apple Silicon) and FLOP (Breaking the Apple M3 CPU via False Load Output Predictions ) Apple CPUs speculation attacks #SLAP #FLOP #Apple #SpeculativeExecution #DataLeak https://predictors.fail/
predictors.fail
SLAP and FLOP
The SLAP and FLOP Address and Value Prediction Attacks
Ransomware Groups Exploiting Microsoft Teams #RansomwareGroups #ExploitingMicrosoftTeams #GoSecure #Cybersecurity #ProtectYourOrganization https://gosecure.ai/blog/2025/01/22/ransomware-groups-exploiting-microsoft-teams/
GoSecure
24/7 managed detection, response, and expert cybersecurity services - GoSecure
We provide around-the-clock threat detection and incident response, backed by expert consulting to keep your organization secure.
Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst #FortiGuardLabs #AIanalysis #ELF/Sshdinjector #malware #ThreatResearch https://www.fortinet.com/blog/threat-research/analyzing-elf-sshdinjector-with-a-human-and-artificial-analyst
Fortinet Blog
Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst
FortiGuard Labs reverse engineers a malware’s binaries to look into what the malware is actually doing.…
Nice website to check how much the infosec salaries are #GlobalSalaryIndex #Cybersecurity #InfoSec #isecjobs #TransparentData https://isecjobs.com/insights/our-global-salary-index-2025-is-now-live/
foo🦍
foo🦍 ~/all coding
The career platform for coders, builders, hackers and makers.
How to prove false statements? (Part 1) #Cryptography #RandomOracleModel #FalseStatementProof #PracticalAttacks #ZKSchemes https://blog.cryptographyengineering.com/2025/02/04/how-to-prove-false-statements-part-1/
A Few Thoughts on Cryptographic Engineering
How to prove false statements? (Part 1)
Trigger warning: incredibly wonky theoretical cryptography post (written by a non-theorist)! Also, this will be in two parts. I plan to be back with some more thoughts on practical stuff, like clou…
GPUAF - Two ways of Rooting
All Qualcomm based Android
phones https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
All Qualcomm based Android
phones https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
0x07 - Introduction to Windows Kernel Race Conditions #WindowsKernel #RaceCondition #VulnerabilityType #Exploitation #DoubleFetch https://wetw0rk.github.io/posts/0x07-introduction-to-windows-kernel-race-conditions/
wetw0rk.github.io
0x07 - Introduction to Windows Kernel Race Conditions
NEW No-Click Critical Vulnerability in Microsoft Windows: CVE-2025-21298 #MicrosoftWindows #CriticalVulnerability #CVE2025-21298 #Cybersecurity #HackersArise https://www.hackers-arise.com/post/new-no-click-critical-vulnerability-in-microsoft-windows-cve-2025-21298
Hackers Arise - EXPERT CYBERSECURITY TRAINING FOR ETHICAL HACKERS
NEW No-Click Critical Vulnerability in Microsoft Windows: CVE-2025-21298 - Hackers Arise
Welcome back, my aspiring cyberwarriors! Over the years, Microsoft Windows operating system, the world's most widely used OS, has been riddled with security vulnerabilities. As the years have gone by and Microsoft has become more security conscience, the…
🔥2
Debugging SMM with JTAG: Part 2 #DebuggingSMM #JTAG #IntelTrace #SMMEntry #LBRTrace https://www.asset-intertech.com/resources/blog/2025/02/debugging-smm-with-jtag-part-2/
Disassembling a binary: linear sweep and recursive traversal #DisassemblingBinary #PEFileFormat #ReverseEngineering #InstructionSetArchitecture #InsPEctor https://nicolo.dev/en/blog/disassembling-binary-linear-recursive/
nicolo.dev
Disassembling a binary: linear sweep and recursive traversal
Building your own set of analysis tools is a great exercise for those who already have some basics and allows you to later move on to implement more targeted analyses in reverse engineering. Even just seeing how the different algorithms can be implemented…
Privilege Escalation in Active Directory Domain Services: CVE-2025-21293 Exploit Revealed with PoC Code #PrivilegeEscalation #ActiveDirectory #CVE2025 #PoCCode #MicrosoftPatch https://securityonline.info/privilege-escalation-in-active-directory-domain-services-cve-2025-21293-exploit-revealed-with-poc-code/
Daily CyberSecurity
Privilege Escalation in Active Directory Domain Services: CVE-2025-21293 Exploit Revealed with PoC Code
Discover the details of CVE-2025-21293, an elevation of privilege vulnerability in Active Directory that allows attackers to escalate privileges to SYSTEM.
0x04 - Introduction to Windows Kernel Write What Where Vulnerabilities #WindowsKernel #WriteWhatWhere #Exploitation #Vulnerability #ArbitraryWrite https://wetw0rk.github.io/posts/0x04-writing-what-where-in-the-kernel/
Blowfish
0x04 - Introduction to Windows Kernel Write What Where Vulnerabilities
First off, if you’re following the series from the start, great job getting past the Use After Free in the Windows Kernel!
🤯1
0x05 - Introduction to Windows Kernel Type Confusion Vulnerabilities #WindowsKernelVulnerabilities #TypeConfusion #Exploitation #MemoryCorruption #CodeExecution https://wetw0rk.github.io/posts/0x05-introduction-to-windows-kernel-type-confusion-vulnerabilities/
wetw0rk.github.io
0x05 - Introduction to Windows Kernel Type Confusion Vulnerabilities
ArgFuscator: a website to obfuscate commands #ArgFuscator #Obfuscation #Commands #Options #GitHub https://argfuscator.net
ArgFuscator
Generate obfuscated command-line arguments for common system-native executables now with ArgFuscator.
🤔1
How to prove false statements? (Part 2) #CryptographicEngineering #VerifiableComputation #FalseStatementProofs #FiatShamir #RandomOracle https://blog.cryptographyengineering.com/2025/02/06/how-to-prove-false-statements-part-2/
A Few Thoughts on Cryptographic Engineering
How to prove false statements? (Part 2)
This is the second part of a two three four-part series, which covers some recent results on “verifiable computation” and possible pitfalls that could occur there. This post won’t…
0x06 - Approaching Modern Windows Kernel Type Confusions #WindowsKernel #TypeConfusions #Exploitation #VirtualMemory #PagedMemory https://wetw0rk.github.io/posts/0x06-approaching-modern-windows-kernel-type-confusions/
Blowfish
0x06 - Approaching Modern Windows Kernel Type Confusions
In the last tutorial we exploited a Type Confusion within the Windows 7 (x86) Kernel.
Advisory: CVE-2024-55957 #CVE202455957 #ThermoScientific #PrivilegeEscalation #SecurityPatch #TierZeroSecurity https://tierzerosecurity.co.nz/2025/02/07/cve-2024-55957.html
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
Windows Telephony Services: 2025 Patch Diffing & Analysis Part 1 #WindowsTelephonyServices #CVE2025 #TelephonyIntegration #PatchAnalysis #TAPIarchitecture https://blog.securelayer7.net/windows-telephony-services-2025-patch-diffing-and-analysis-pt-1/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
Windows Telephony Services: 2025 Patch Diffing & Analysis Part 1
Introduction At the start of 2025, on January 14th, Microsoft released over 20+ CVEs addressing Remote Code Execution (RCE) vulnerabilities in Microsoft Telephony Services,...
Almost famous: behind the scenes of a feature that didn’t make the cut #ThinkstThoughts #FeatureCut #GhostServer #Canary #DeceptionTechnique https://blog.thinkst.com/2025/02/almost-famous-behind-the-scenes-of-a-feature-that-didnt-make-the-cut.html
Thinkst Thoughts
Almost famous: behind the scenes of a feature that didn’t make the cut
Introduction A counterintuitive truth is that great products are defined by both the features they include, as well as those they don’t. We spend a lot of time pondering potential new features for …