CVE for the 0day challenge I put on the Codegate CTF Finals: CVE-2024-27448 github.com/maildev/mailde… I think someone just wrote an exploit for it and never thought of adding credits while filing the CVE .... 😢

Discovering SSRF by cross-protocol redirection by @doyensec blog.doyensec.com/2023/03/16/ssr… #BBRENewsletter75

I wrote a blogpost on injecting code into a PPL process on Windows 11, without abusing any vulnerable driver. blog.slowerzs.net/posts/pplsyste…

Detecting scheduled task modifications #redteam #maldev ipurple.team/2024/01/03/sch…

Just discovered "Reset Tolkien" , a shiny new tool from Aethlios for cracking time-based secret tokens with the sandwich attack. Random-looking tokens can contain so many flaws, it's great to see more eyes on this area. aeth.cc/public/Article…

Reverse Engineering macOS Malware x.com/i/broadcasts/1…

In depth analysis and reverse engineering of an ESP32-based smart home device Great blog post by James Warner (James Warner) jmswrnr.com/blog/hacking-a… #esp32

''GitHub - tomwechsler/Active_Directory_Advanced_Threat_Hunting: This repo is about Active Directory Advanced Threat Hunting'' #infosec #pentest #redteam #blueteam github.com/tomwechsler/Ac…

Hey! I'm eager to present my & slonser research projects → Worldwide #spoofing via injections / #vulnerabilities of Email products [+#0day, #CVE] 📑 Article: blog.slonser.info/posts/email-at… ‼️ ⚙️ Code, article, slides: github.com/qwqoro/Mail-In… 📽️ Talk: qwqoro.works/videos/HaHacki… (#PHD2)

Helius is based AF helius.dev/blog/a-hitchhi…

Fun math puzzle from DUCTF crypto chal: V fo Vieta. It plays with the "Vieta jumping" technique. Turns out, it borrows the concept from the infamous IMO 1988 6th problem! Oh, how time flies, now in 2024 Vieta has made it into CTF... Check out my writeup: berliangabriel.github.io/post/ductf-202…

I wrote a blogpost and a tool on how to abuse Vectored Exception Handling (VEH) along with indirect syscalls to produce legitimate call stack without manually constructing them. Blog Link: whiteknightlabs.com/2024/07/31/lay… Tool Link: github.com/WKL-Sec/Layere…

Conference presentation slides: Credit Link: github.com/onhexgroup/Con… - Black Hat USA 2024 slides (3-8 August,2024) - REcon 2024 Slides (28-30 Jun,2024) - Offensivecon 2024 (May 10-11,2024 Berlin) - Blackhat Asia 2024 (April 16-19, 2024 Marina Bay Sands / Singapore) - Blackhat

New blog entry: C++ Unwind Metadata: A Hidden Reverse Engineering Bonanza msreverseengineering.com/blog/2024/8/20…

Here's my author writeup for htmlsandbox from SekaiCTF blog.ankursundara.com/htmlsandbox-wr… - a parsing differential in streamed vs non-streamed HTML

🎁 Monthly Giveaway 🎁 Hack The Box 12-month VIP+ x1 - Follow, Like, and Retweet to join! - Winner will be picked randomly on 3 September. #hackthebox #giveaway #projectsekaictf

We're excited to announce our 2nd giveaway, thanks to Hack The Box 🎉 We will pick 5 winners to win a Silver Annual subscription (+ Exam)! To enter: 1️⃣ Follow @BugBountyDefcon and Hack The Box 2️⃣ Like this ❤️ 3️⃣ Retweet this 🔁 You have time until next Friday (09/20).

Hey everyone! Super excited to share that our new cyber range, Electra, is live! It's an intermediate-level lab to sharpen your AWS pentesting skills. I'm also giving away a 1-year voucher for Pwned Labs! To enter, just: 1️⃣ Like this post 2️⃣ Retweet it 3️⃣ Drop a comment Check

🎁Monthly Giveaway🎁 Hack The Box 1-month Prolab - Follow, Like, and Retweet to join! - Winners will be picked randomly on 23 Apr. We will be announcing some big giveaways next month. Stay tuned! #hackthebox #giveaway #projectsekaictf