Port 22

~ 3 Oct 2019 ~

IDA, I Think Its Time You And I Had a Talk: Controlling IDA Pro With Voice Control Software

~ 26 Sep 2019 ~

On Chinese "Spy Trains"

~ 9 Sep 2019 ~

Facebook Patches "Memory Disclosure Using JPEG Images" Flaws in HHVM Servers

~ 7 Sep 2019 ~

Open Sourcing StringSifter

~ 27 Aug 2019 ~

How Do I Handle Security Alert Fatigue?

~ 23 Aug 2019 ~

License Plate "NULL"

~ 15 Aug 2019 ~

Sodinokibi ransomware searches for South Korean antivirus "Ahnlab" to inject its payload (because its autoup.exe is vulnerable). Also uses Windows' CompMgmtLauncher.exe's complete lack of checks to bypass UAC.

~ 13 Aug 2019 ~

Showing Vulnerability to a Machine: Automated Prioritization of Software Vulnerabilities

Live stream flailing ( start at 1HR 37Min ) install the new high security OS called "Qubes" finding it horrible to install and even worse to use.

~ 12 Aug 2019 ~

Is My Development Environment at Risk?

~ 9 Aug 2019 ~

PINJECTRA: Known Windows 10 64-bit Process Injection Techniques + New One (dubbed "Stack Bomber") as a C++ Library

~ 8 Aug 2019 ~

Finding Evil in Windows 10 Compressed Memory, Part Three: Automating Undocumented Structure Extraction

Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive

~ 6 Aug 2019 ~

Clamav: Denial of service through "better zip bomb"

~ 5 Aug 2019 ~

New AWS "vulnerable by design" CloudGoat scenario inspired by the Capital One breach

~ 4 Aug 2019 ~

"Three (And A Half) Vulns For The Price of One!" - XSS, SSRF, and XXE in a single input box

~ 3 Aug 2019 ~

My writeup for Fortune. This was my first "Insane" ranked box.

~ 29 Jul 2019 ~

How Can We Stop Ransomware From Spreading?

~ 26 Jul 2019 ~

Underscoring the "private" in private key: Recovering the private key for a valid certificate from the Amazon Music app

~ 24 Jul 2019 ~

VLC "security issue"

~ 9 Jul 2019 ~

CloudGoat, the "Vulnerable by Design" AWS Deployment Tool, Official Scenario Walkthrough: rce_web_app

"The Risks of an IT Versus OT Paradigm"

~ 26 Jun 2019 ~

Microsoft Adds 2FA-Protected "Personal Vault" Within OneDrive Cloud Storage

Microsoft Adds 2FA-Protected "Personal Vault" Within OneDrive Cloud Storage

~ 20 Jun 2019 ~

How Apple's "Find My" Feature Works

Free German lecture notes from a "Introduction to Web Security" lecture (around 100pages, is WIP)

~ 13 Jun 2019 ~

The Rise of "Purple Teaming"

~ 5 Jun 2019 ~

Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities

~ 30 May 2019 ~

Framing the Problem: Cyber Threats and Elections

~ 29 May 2019 ~

Is this plausible? "SIM Port Hack"

Learning to Rank Strings Output for Speedier Malware Analysis

~ 28 May 2019 ~

Network of Social Media Accounts Impersonates U.S. Political Candidates, Leverages U.S. and Israeli Media in Support of Iranian Interests

Nearly 1 Million Computers Still Vulnerable to "Wormable" BlueKeep RDP Flaw

~ 23 May 2019 ~

Is there a technical term for these "light codes"? I looked around on Wikipedia and could find any mention, seems like an interesting stego technique

~ 22 May 2019 ~

My first professional article: "Static Code Analysis A Personal Research Story"

~ 21 May 2019 ~

The U.S. Navy "attacked" the U.S. Air Force with a "Splunk Tool"

~ 20 May 2019 ~

The Concept of "Return on Data"

~ 16 May 2019 ~

0day "In the Wild" Spreadsheet by Google Project Zero

~ 14 May 2019 ~

"Web scraping considered dangerous": Exploiting the telnet service in scrapy < 1.5.2

~ 6 May 2019 ~

"7 Tips For Planning ICS Plant Visits"

~ 3 May 2019 ~

Friday Squid Blogging: Squid Skin "Inspires" New Thermal Sheeting

~ 2 May 2019 ~

"ICS Defenders: Light up your green, blue or purple lightsabers"

"ICS Defenders - Light up your green, blue or purple lightsabers"

~ 1 May 2019 ~

Insane bad security for download server from O&O "ShutUp10" tool

~ 20 Apr 2019 ~

(Thai) In-depth Analysis of "SUDO_INJECT" Privilege Escalation Vulnerability

~ 17 Apr 2019 ~

A "Department of Cybersecurity"

~ 16 Apr 2019 ~

Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People's Republic

~ 15 Apr 2019 ~

FLASHMINGO: The FireEye Open Source Automatic Analysis Tool for Flash

~ 12 Apr 2019 ~

Encrypted Messaging Project "Matrix" Suffers Extensive Cyber Attack

~ 9 Apr 2019 ~

Churning Out Machine Learning Models: Handling Changes in Model Predictions

~ 7 Apr 2019 ~

My first POC: Gaining root access to a kubernetes node with a "bad" container. Comments welcome

~ 26 Mar 2019 ~

Researchers use fake "Breaking News" alerts to illustrate a stupid-easy web exploit

WinRAR Zero-day Abused in Multiple Campaigns

~ 19 Mar 2019 ~

How malvertiser "VeryMal" abused Firebase to conceal and smuggle their payload.

~ 15 Mar 2019 ~

Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing

~ 13 Mar 2019 ~

Breaking the Bank: Weakness in Financial AI Applications

CVE-2019-0539 Microsoft Edge Chakra Exploitation: Achieving memory full R\W primitive

~ 11 Mar 2019 ~

"If you want, I can store the encrypted password." - A Password-Storage Field Study with Freelance Developers [PDF]

~ 5 Mar 2019 ~

Automated/declarative "pen testing as code"

~ 1 Mar 2019 ~

"Cheapest" sketchy hindi certs for sale

~ 28 Feb 2019 ~

FLARE Script Series: Recovering Stackstrings Using Emulation with ironstrings

~ 27 Feb 2019 ~

"Insider Threat" Detection Software

~ 25 Feb 2019 ~

"Building Virtual Machine Labs" is now free!

~ 24 Feb 2019 ~

"How a chain of multiple hacks leads me to database compromise"

~ 13 Feb 2019 ~

Researchers Implant "Protected" Malware On Intel SGX Enclaves

~ 6 Feb 2019 ~

Using Gmail "Dot Addresses" to Commit Fraud

~ 5 Feb 2019 ~

Exploiting Google "dot" Email Accounts for Fun and for Profit. But mostly for profit

~ 1 Feb 2019 ~

"A fresh look on reverse proxy related attacks" by @antyurin

~ 27 Jan 2019 ~

The end of the "perimeter" as we know it

~ 24 Jan 2019 ~

A brazilian academic researcher's BGP "research" triggered a bug in FRR twice (jan 8 and jan 23), knocking routers around the world offline

~ 22 Jan 2019 ~

Evilginx 2.3.0 "Phisherman's Dream" Update - 2FA bypassing reverse proxy phishing framework (Tool)

~ 20 Jan 2019 ~

xioc: Extract IOCs from text, including "escaped" ones.

~ 17 Jan 2019 ~

Troy Hunt: The 773 Million Record "Collection #1" Data Breach

~ 6 Jan 2019 ~

Tool release: Universal Phishing Reverse Proxy "Modlishka" (2FA support)

~ 26 Dec 2018 ~

Detecting Use of SandboxEscaper's "MsiAdvertiseProduct" 0-day PoC

~ 23 Dec 2018 ~

Hey everyone, I was wondering what you think about the topic talked about in the linked document, "Overwriting Hard Drive Data: The Great Wiping Controversy"

~ 12 Dec 2018 ~

FLARE Script Series: Automating Objective-C Code Analysis with Emulation

~ 28 Nov 2018 ~

The "Typical" Security Engineer: Hiring Myths & Stereotypes

~ 20 Nov 2018 ~

Cmd and Conquer: De-DOSfuscation with flare-qdb

~ 16 Nov 2018 ~

SaSSHimi: tool to bypass "AllowTcpForwarding no" and build dynamic tunnels

Secret Charges Against Julian Assange Revealed Due to "Cut-Paste" Error

~ 15 Nov 2018 ~

7 new "Spectre Like" attacks using transient execution

~ 14 Nov 2018 ~

Oracle and "Responsible Disclosure"

~ 4 Nov 2018 ~

New "Breached Database Search Engine" on the Radar

~ 2 Nov 2018 ~

New "Bleedingbit" Vulnerability could allow an attacker to run arbitrary code on Enterprise Access Points.

U.S. ISBN registry ran "unauthorized code" on its checkout page for nearly 6 months

~ 31 Oct 2018 ~

Apple's New MacBook Disconnects Microphone "Physically" When Lid is Closed

~ 29 Oct 2018 ~

IBM Buys "Red Hat" Open-Source Software Company for $34 Billion

~ 14 Oct 2018 ~

"Big Star Labs" spyware campaign affects over 11,000,000 people

~ 8 Oct 2018 ~

Defeating the "Deal or No Deal" Arcade Game

~ 5 Oct 2018 ~

"Supposely" GRU using a Pineapple nano (see slide 26)

Debunking "OSINT Analysis of the TOR Foundation" and a few words about Tor's directory authorities

~ 4 Oct 2018 ~

Conspiracy Theories Around the "Presidential Alert"

~ 21 Sep 2018 ~

Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction

~ 17 Sep 2018 ~

"...But I'm a CIP Cyborg Warrior with Real Kung Fu Grip... Then Prove It!"

~ 13 Sep 2018 ~

Bypassing Antivirus for Your Antivirus Bypass

Bypassing Antivirus for Your Antivirus Bypass

~ 10 Sep 2018 ~

Slides & presentation of "Unpacking the non-unpackable" (anti-static analytic new ELF packer) in R2CON2018

Chrome/Chromium now considers "www" to be a "trivial" subdomain and no longer shows it in the address bar.

~ 9 Sep 2018 ~

"Big Star Labs" spyware campaign affects over 11,000,000 people