Check Point Research
samanthar@checkpoint.com
The Cat and Mouse Game: Exploiting Statistical Weaknesses in Human Interaction Anti-Evasions
Executive Summary Why We Care about Sandbox Emulation As a discipline, information security involves a vast web of entry vectors, mitigations, and counter-mitigations. Among these, one of the most impactful points of conflict between attackers and defenders is what happens when binaries are subjected to sandbox emulation. Purely static analysis has been understood to be […]
PortSwigger Research
Gareth Heyes
Shadow Repeater: AI-enhanced manual testing
Have you ever wondered how many vulnerabilities you've missed by a hair's breadth, due to a single flawed choice? We've just released Shadow Repeater, which enhances your manual testing with AI-powere
Synacktiv
LSA Secrets: revisiting secretsdump
# LSA Secrets: revisiting secretsdump When doing Windows or Active Directory security assessments, retrieving secrets stored on a compromised host constitutes a key step to move laterally within the network or increase one's privileges. The infamous `secretsdump.py` script from the impacket suite...
Atredis Partners
Kiston Finney
Advisory Blog Series: HIPAA Security Rule Updates
As you may have already heard, the HIPAA Security Rule is undergoing a much-needed update. We wanted to discuss what Covered Entities and Business Associates - now referred to as “Regulated Entities” - can expect as the new rule moves through the federal register phases of the Notice of Proposed Rul
GitHub
rcorrea35
PaloAlto OpenConfig Plugin: Command Injection Vulnerability
### Summary A vulnerability in PAN-OS OpenConfig allows an authenticated user to run arbitrary commands on the underlying OS. The commands are run as device administrator. ### Details Palo A...
GitHub
rcorrea35
RSync: Heap Buffer Overflow, Info Leak, Server Leaks, Path Traversal and Safe links Bypass
### Summary In this report, we describe multiple vulnerabilities we discovered in Rsync. The first pair of vulnerabilities are a [Heap Buffer Overflow](https://nvd.nist.gov/vuln/detail/cve-202...
Embrace The Red
ChatGPT Operator: Prompt Injection Exploits & Defenses
Can GitHub Issues Hijack Your AI? This post explores how ChatGPT Operator can be hijacked through prompt injection exploits on web pages, leading to unauthorized data leakage of personal information.
DARKNAVY
DARKNAVY
The Most Frustrating Vulnerability Disclosure of 2024
In the field of cybersecurity, vulnerability disclosure has long been regarded as a crucial step in safeguarding users. However, in practice, this process is fraught with controversy and contradictions. What truly constitutes “responsible disclosure”? When vendors dominate the public release of information and patch deployment, while security researchers invest substantial time and energy in negotiations, can this model still fulfill its intended purpose of protecting user security? In an era of rapidly advancing technology and escalating cyber threats, has the traditional vulnerability disclosure process become outdated?
DARKNAVY
DARKNAVY
The Most "Secure" Defenders of 2024
In the increasingly intense offense and defense confrontation of 2024, security software has always been regarded as an important cornerstone of the corporate security defense line. However, security software itself may also have vulnerabilities and could be exploited by attackers as a springboard for intrusions to harm users. Over the years, incidents caused by security software have raised a question — can security software really be trusted? The following is the eighth article of the “DARKNAVY INSIGHT | 2024 Annual Security Report”.
Kri Dontje
ClearML and Nvidia vulns
DARKNAVY
DARKNAVY
The Most Unstoppable Offensive and Defensive Trend of 2024
In recent years, the evolution of vulnerabilities and defense techniques has been continuous. From the days when a simple stack overflow could compromise a system, to the present day, where sophisticated techniques are necessary to bypass multiple layers of defense. The “shield” and the “spear” are in dynamic confrontation: whenever new defense measures are introduced, new attack methods emerge in response. The enhancement of defense mechanisms compels attackers to seek out new vulnerabilities, while the innovation of attack techniques propels the development of defense technologies
DARKNAVY
DARKNAVY
The Most Unfortunate Backdoor of 2024
Does open source guarantee that there are no backdoors? At the 1983 Turing Award ceremony, Ken Thompson raised this question. As one of only three legends to win the Turing Award before the age of 40, he demonstrated how to hack Unix systems compiled from harmless source code by implanting backdoors in compilers, remaining a tale frequently cited by hackers to this day. In 2024, the XZ backdoor incident resurfaced this question. Under the nose of the open-source community, attackers successfully pushed the backdoored xz-utils 5.6.1 package into official repositories of several distributions like Debian and Fedora. Fortunately, engineer Andres Freund discovered and reported the abnormal behavior of xz-utils 5.6.1 in time. Although the community effectively stopped the backdoor’s spread, this heart-stopping crisis made every open-source user rethink the trust model in collaborative development.
Stories by Renwa on Medium
Renwa
Reflected XSS In Main Search, WAF+Sanitizer Bypass Using 2 Reflections
DARKNAVY
DARKNAVY
The Most Prominent Privacy Security Trend of 2024
At the beginning of 2025, the five-year “Siri Eavesdropping Scandal” finally came to an end. Apple settled a class-action lawsuit with the plaintiffs for $95 million. This well-known privacy case started when users accused Siri of accidentally capturing and recording their everyday conversations without permission, and leaking the data to third-party advertisers. Even though Apple firmly denied these claims, public concern over privacy security is growing day by day. Now, we share massive amounts of personal data with AI every day. Are these privacy data really secure enough?
DARKNAVY
DARKNAVY
The Maddest Vulnerability of 2024
Under the collective efforts of security researchers and increasingly stringent security mitigations, most memory vulnerabilities have been nipped in the bud. Is it time to declare memory vulnerabilities a thing of the past? In July 2024, a “nuclear bomb” from the Windows camp shattered the illusion of security. We can’t help but ask: When faced with threats from memory, just how much can the walls in front of us really defend against?
Talos - Vulnerability Reports
NVIDIA nvJPEG2000 Default Coding Styles Ndecomp buffer overflow vulnerability
Talos - Vulnerability Reports
NVIDIA nvJPEG2000 Coding Style Component index out-of-bounds write vulnerability
Talos - Vulnerability Reports
NVIDIA nvJPEG2000 Ndecomp heap-based buffer overflow vulnerability
Doyensec's Blog
!exploitable Episode One - Breaking IoT
# !exploitable Episode One - Breaking IoT 11 Feb 2025 - Posted by Savio Sisco ## Introduction For our last company retreat, the Doyensec team went on a cruise along the coasts of the Mediterranean Sea. As amazing as each stop was, us being geeks, we had to break the monotony of daily pool...
Rhino Security Labs
Nate Wilson
CVE-2025-0693: AWS IAM User Enumeration
Embrace The Red
Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocation
Gemini allows persistent storage of memories. However, a bypass technique using delayed tool invocation can force Gemini to store false information into a user’s long-term memory. This post explores how uploaded documents can be used as an attack vector.
Aleksandar Nikolic
Small praise for modern compilers - A case of Ubuntu printing vulnerability that wasn’t
DARKNAVY
DARKNAVY
The Most Imaginative New Applications of 2024
2023 was the dawn of generative AI and large language models, which output content in unprecedented ways. In 2024, a large number of AI agents emerged, expanding the capabilities of LLM, driving more widespread tool usage, and extending their application to more fields. For security researchers, how to leverage AI to improve work efficiency, and even drive AI to think, analyze, and find vulnerabilities like humans, has become a key topic.
DARKNAVY
DARKNAVY
The Most "Golden" Bypass of 2024
Since the early 2000s, attacks based on browser vulnerabilities have remained a mainstream, effective, and versatile attack method. The following is the second article from the “DARKNAVY INSIGHT | 2024 Annual Security Report”. According to the latest report from market research firm Statcounter, Chrome has unquestionably secured its position as the most dominant browser in terms of market share. Chrome is renowned for its exceptional security, with the Google security team continuously researching and implementing cutting-edge vulnerability mitigation mechanisms. One of the most well-known among them is MiraclePtr, designed to prevent attackers from exploiting Use-After-Free (UAF) vulnerabilities in the browser.
DARKNAVY
DARKNAVY
The Most Groundbreaking New Security Ecosystem of 2024
In the “DARKNAVY INSIGHT | 2023 Annual Security Report”, we noted: “As we stand on the precipice of the next decade, 2023 will undoubtedly be a year of profound transformation. The deployment of new defense mechanisms and the rise of novel attack technologies will fundamentally reshape the digital security landscape.” The year 2024 arrived like a swift gust of wind, only to fade away like a brief storm. The AI revolution, breakthroughs in mobile operating systems, and challenges in supply chain security that we discussed in 2023 continue to unfold in 2024, leaving little room to catch our breath.
Talos - Vulnerability Reports
ClearML Vault API disabled vaults retrieval vulnerability
Talos - Vulnerability Reports
ClearML dataset upload XSS vulnerability
Posts on Slonser Notes
Why Protocol Matters: Evil PWA Attack on Casdoor
The article is informative and intended for security specialists conducting testing within the scope of a contract. The author is not responsible for any damage caused by the application of the provided information. The distribution of malicious programs, disruption of system operation, and violation of the confidentiality of correspondence are pursued by law. Introduction In this article, I would like to discuss a vulnerability I discovered in Casdoor, starting with a brief overview:
PortSwigger Research
James Kettle
Top 10 web hacking techniques of 2024
Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
watchTowr Labs
8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur
Surprise surprise, we've done it again. We've demonstrated an ability to compromise significantly sensitive networks, including governments, militaries, space agencies, cyber security companies, supply chains, software development systems and environments, and more. “Ugh, won’t they just stick to creating poor-quality memes?” we hear you moan. Maybe we should, maybe we shouldn’t - regardless, it’s too late at this stage and so we have to live with it. From those of you who enjoy our research,
Home
Connor McGarr
Exploit Development: Investigating Kernel Mode Shadow Stacks on Windows
Using SourcePoint’s JTAG debugger to investigate the implementation of Intel CET Shadow Stacks in kernel-mode on Windows
GitHub
sirdarckcat
AMD: Microcode Signature Verification Vulnerability
### Summary Google Security Team has identified a security vulnerability in some AMD Zen-based CPUs. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside...
STAR Labs
Ng Zhi Yang
Mali-cious Intent: Exploiting GPU Vulnerabilities (CVE-2022-22706 / CVE-2021-39793)
Imagine downloading a game from a third-party app store. You grant it seemingly innocuous permissions, but hidden within the app is a malicious exploit that allows attackers to steal your photos, eavesdrop on your conversations, or even take complete control of your device. This is the kind of threat posed by vulnerabilities like CVE-2022-22706 and CVE-2021-39793, which we’ll be dissecting in this post. These vulnerabilities affect Mali GPUs, commonly found in many Android devices, and allow unprivileged apps to gain root access.
Artificial truth
jvoisin
Serving a (g)zip bomb with Caddy
Because we can't have nice things on the web, here is a stupid trick to kill some bots. First, create a hefty 10TB (g)zip bomb with `dd if=/dev/zero bs=10M count=1G | gzip -9 > /etc/caddy/10T.gzip`. Don't worry, this doesn't take disk space nor ram, only a bit of CPU and some time. Then, put the...
Project Zero
Google Project Zero
Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Posted by James Forshaw, Google Project Zero Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy ...
Project Zero
Google Project Zero
Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
Posted by James Forshaw, Google Project Zero Back in 2021 I wrote a blog post about various ways you can build a virtual memory acces...
Joseph Ravichandran
TRAVERTINE
A crazy race condition in the XNU kernel.
Doyensec's Blog
Common OAuth Vulnerabilities
# Common OAuth Vulnerabilities 30 Jan 2025 - Posted by Jose Catalan, Szymon Drosdzol OAuth2’s popularity makes it a prime target for attackers. While it simplifies user login, its complexity can lead to misconfigurations that create security holes. Some of the more intricate vulnerabilities...
The GitHub Blog
Nancy Gariché
Cybersecurity researchers: Digital detectives in a connected world
Discover the exciting world of cybersecurity research: what researchers do, essential skills, and actionable steps to begin your journey toward protecting the digital world.
Kri Dontje
Whatsup Gold, Observium and Offis vulnerabilities
Rhino Security Labs
Chebuya
CVE-2024-46507: Yeti Platform Server-Side Template Injection
jub0bs.com
Programmatic handling of CORS-configuration errors with jub0bs/cors
TL;DR jub0bs/cors v0.5.0 now lets you handle CORS-configuration errors programmatically. This feature should be of interest to you if you’re a multi-tenant service provider and you let your tenants configure CORS for their instances. jub0bs/cors’s commitment to configuration validation One long-standing and distinguishing feature of jub0bs/cors is extensive configuration validation, motivated by my desire to rule out dysfunctional CORS middleware and to discourage the instantiation of insecure CORS middleware.
PortSwigger Research
Gareth Heyes
Bypassing character blocklists with unicode overflows
Unicode codepoint truncation - also called a Unicode overflow attack - happens when a server tries to store a Unicode character in a single byte. Because the maximum value of a byte is 255, an overflo
Rhino Security Labs
Chebuya
CVE-2024-46506: Unauthenticated RCE in NetAlertx
watchTowr Labs
Get FortiRekt, I am the Super_Admin Now - FortiOS Authentication Bypass CVE-2024-55591
Welcome to Monday, and what an excitingly fresh start to the week we're all having. Grab your coffee, grab your vodka - we're diving into a currently exploited-in-the-wild critical Authentication Bypass affecting foRtinet's (we are returning the misspelling gesture 🥰) flagship SSLVPN appliance, the FortiGate. Imagine please that we inserted a meme here about the typical function of a gate and how it seems that word now means something different As we're sure others have been; we've been awar
Synacktiv
Abusing multicast poisoning for pre-authenticated Kerberos relay over HTTP with Responder and krbrelayx
# Abusing multicast poisoning for pre-authenticated Kerberos relay over HTTP with Responder and krbrelayx _A few years ago, James Forshaw discovered a technique allowing to perform Kerberos relaying over HTTP by abusing local name resolution poisoning. In this article, we present the attack and...
Stories by Renwa on Medium
Renwa
Client Side Path Traversal (CSPT) Bug Bounty Reports and Techniques
STAR Labs
Đào Tuấn Linh
CVE-2024-26230: Windows Telephony Service - It's Got Some Call-ing Issues (Elevation of Privilege)
Executive Summary CVE-2024-26230 is a critical vulnerability found in the Windows Telephony Service (TapiSrv), which can lead to an elevation of privilege on affected systems. The exploit leverages a use-after-free in FreeDialogInstance. By manipulating the registry, an attacker controls memory allocation to create a fake object, triggering the UAF in TUISPIDLLCallback to gain code execution. This is further chained with techniques to bypass mitigations like CFG and ultimately load a malicious DLL, escalating privileges to SYSTEM via PrintSpoofer.
Joseph Ravichandran
SUSCTL
A very sus sysctl in the XNU kernel.