What’s up, everyone? I’m back with Part 2 on implementing the Web Penetration Assistant (WPA) logic in RAWPA. Last time, we talked about the initial steps, and now, I’ve got some major updates to share.

It's difficult to show impact for Server-Side Request Forgery (SSRF) vulnerabilities when you cannot see the full HTTP response. Our research team details a novel technique that allowed for us to leak the full HTTP response, even though the SSRF seemed like…

Behind every secure MCP integration is a stack of OAuth standards working in harmony. Learn how they combine to deliver seamless authorization for LLMs.

An introduction to Threat Hunting and Cobalt Strike

In the final installment of Cryptominers’ Anatomy, Akamai researchers analyze cryptominers and reveal a novel technique to shut down mining botnet campaigns.

Security experts

Inside Iran’s online landscape, what Censys sees in access, control, and exposure across the country’s internet.

While looking for an API to use with Home Assistant, I found a vulnerability in a popular WiFi-connected alarm clock.

As an IAM SaaS company, our work often remains in the shadows—until something goes wrong. Today, I want to shed light on how we handle security at the very first layer all IAM systems have: the login page. Specifically, I’ll walk you through an incident we…

Windows Inter-Process Communication (IPC) is one of the most complex technologies in the Windows operating system. It consists of multiple layers that can work together or operate independently, depending on the usage context.

For example, you can use RPC…

Proof of concepts demonstrating some aspects of the Windows kernel shadow stack mitigation. - synacktiv/windows_kernel_shadow_stack

Let’s continue our journey into the world of IPC. As I mentioned in part one, we’re starting with RPC (Remote Procedure Call). I also said in my strategy that I’d begin with a high-level network overview of the technology to understand how the interface is…

Episode 01

In the previous part, we started digging into RPC — covering the server, the client, the interface, and topics like the endpoint mapper, well-known endpoints, and dynamic ones. Along the way, I mentioned a few things that I’d come back to later — like binding…

Welcome to the fourth part of the IPC series — and the third part focused specifically on RPC. Today, we’re going to talk about: RPC security, which will help complete the picture we've been building around how RPC works under the hood.

RPC security is a…

A new browser attack vectors just dropped, and it’s called FileFix — an alternative to the well-known ClickFix attack. This method, discovered and shared by mrd0x, shows how attackers can to execute commands right from browser, without requesting target to…

In July 2024, Google introduced a new feature to better protect cookies in Chrome: AppBound Cookie Encryption. This new feature was able to disrupt the world of infostealers, forcing the malware...