Generate obfuscated command-line arguments for common system-native executables now with ArgFuscator.

This is the second part of a two three four-part series, which covers some recent results on “verifiable computation” and possible pitfalls that could occur there. This post won’t…

In the last tutorial we exploited a Type Confusion within the Windows 7 (x86) Kernel.

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

Introduction At the start of 2025, on Jan­u­ary 14th, Mi­crosoft re­leased over 20+ CVEs ad­dress­ing Re­mote Code Ex­e­cu­tion (RCE) vul­ner­a­bil­i­ties in Mi­crosoft Tele­pho­ny Ser­vices,...

Introduction A counterintuitive truth is that great products are defined by both the features they include, as well as those they don’t. We spend a lot of time pondering potential new features for …

Building reliable and secure software requires a range of approaches to reason about
systems correctness. Alongside industry-standard testing methods (such as unit and
integration testing), AWS has adopted model checking, fuzzing, property-based testing,…

Reverse Engineering: Decompiling Binary Code with Large Language Models - albertan017/LLM4Decompile

With all the tricks we know about file formats, let's move on to cryptography,
and exploit hash collisions!

Repository: https://github.com/corkami/collisions
Slides: https://speakerdeck.com/ange/colltris

00:00:00 introduction
00:00:59 timeline
00:04:53…

JPCERT/CC has confirmed that a new technique was used in an attack that occurred in July, which bypasses detection by embedding a malicious Word file into a PDF file. This blog article calls the technique “MalDoc in PDF” hereafter and...

In this post I will return to my exploration of 64 bit ARM architecture and will touch on the exciting topic of virtual memory and AArch64 memory model. Hopefully, by the end of this post I will have an example of how to configure paging in AArch64 and will…

The Washington Post is reporting that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement.…

NanoCore is a well-known Remote Access Trojan (RAT) used by threat actors for espionage, data theft, and system control. In this post, I will analyze a NanoCore RAT sample with the hash 18B476D3724…

Jooki was a dream come true for parents—an intuitive, screen-free audio player that let kids enjoy music and stories with the tap of a token. But that dream turned into frustration when the company behind Jooki went bankrupt, leaving countless devices bricked…

A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of two suspected hackers in Phuket, Thailand, and the seizure of 8Base's dark web sites. The suspects are accused of conducting cyberattacks on over 1,000 victims…

Leaders in Information Security

Akamai researchers explore Fortinet FortiOS and discover multiple vulnerabilities that can lead to denial-of-service and remote code execution attacks.

For our last company retreat, the Doyensec team went on a cruise along the coasts of the Mediterranean Sea. As amazing as each stop was, us being geeks, we had to break the monotony of daily pool parties with some much-needed hacking sessions. Luca and John…