Analyze CVE-2025-32756, a Fortinet buffer overflow flaw under active attack, and see how NodeZero can validate exposure now.

Discover how to implement it with Arduino UNO, and what security measures can protect your system.

In this post I will briefly describe the journey I went through while implementing defendnot, a tool that disables Windows Defender by using the Windows Security Center (WSC) service API directly.
Even though this is most likely not what you expected to see…

TCC bypass on macOS isn't just an annoying prompt—it's the last line of defense between malware and your private data. Learn why.

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Smartbedded MeteoBridge. Learn about the risks and recommended actions.

In this paper I will reveal the discovery of wide-spread cases of request tunnelling in applications powered by popular servers including IIS, Azure Front Door and AWS' application load balancer including the creation of a novel detection technique that combined…

The Legit research team unearthed vulnerabilities in GitLab Duo.

Executive SummaryAnalyzing transmission control protocol (TCP) SYN segments,

Introduction
In this guide, we’ll walk step-by-step through building a fully functional internal che...

EclecticIQ and Hudson Rock researchers assess that Bitter APT very likely used stolen email credentials from Pakistan’s Counter Terrorism Department (CTD) to carry out the attack. The spear phishing campaign targeted PTCL personnel in critical roles, including…

This talk will introduce the deguard utility, allowing to bypass Intel BootGuard and enabling coreboot development on previously locked down platforms.

Binary Security was previously rewarded for three Server-Side Request Forgery (SSRF) vulnerabilities in Azure DevOps, which you can read about here. Now we have found another SSRF vulnerability that we also reported to Microsoft. We then bypassed Microsoft’s…

Exploring Azure Arc’s overlooked C2aaS potential. Attacking and Defending against its usage and exploring usecases.

Discover how attackers exploit trusted wireless networks using rogue APs, wireless pivots, and legacy protocols to turn secure EAP-TLS deployments into invisible attack surfaces.

InterceptSuite is a tool I created to intercept and analyse network traffic in desktop applications, whether encrypted or not. Unlike…

Converting a Normal SanDisk USB into a Bad USB or Rubber Ducky

How to reverse engineer Android apps & find confidential API Keys

Security researchers have uncovered several critical vulnerabilities in applications preloaded on Ulefone and Krüger&Matz Android smartphones. These flaws, reported by CERT Polska and discovered by Szymon Chadam, expose users to significant risks, including…

A backend flaw in Apple’s iOS infrastructure enables stealth provisioning on iPhones before the user ever sees a home screen.

This document defines a cryptographically secure mechanism for Root Certificate Authorities to perform emergency self-termination upon compromise detection. Current PKI architecture creates a mathematical impossibility: Root CAs cannot be cryptographically…