A code execution vulnerability we found in WinRAR, existed for about 19 years. enjoy :) research.checkpoint.com/extracting-cod…

medium.com/tenable-techbl…

CVE-2019-9730: Local privilege elevation in Synaptics Sound Device Driver package. Multiple OEMs affected. Exploit and write-up here: jackson-t.ca/synaptics-cxut….

Old school Divide by zero

“The great escapes of VMWare” (2017) blackhat.com/docs/eu-17/mat… < technically deep and thorough review of known vulns in VMware with patch analysis over the most common attack vectors 👍🏻👍🏻

It is well past time for laws that require all mission-critical software to have publicly published source code. Flying planes, driving cars, and using voting machines whose software hasn't been publicly analyzed is a dangerous (and deadly) policy choice. bloomberg.com/news/articles/…

Analyzing KSL0T (Turla’s Keylogger) Part 1 : 0ffset.net/reverse-engine… Part 2 – Reupload : 0ffset.net/reverse-engine…

Phantastic Code Smells and where to find them - Arne Mertz - Meeting C++ 2019 youtube.com/watch?v=tvGSoN… #cpp #cplusplus

Good tip of my colleague: This is how you can recognize 64 bit code wrongly interpreted as 32 bit code. It has lots of dec eax instructions because 0x48 is also used to signify 64 bit operand size. (32 bit interpretation is first picture, 64 bit second)

Reversing a real-world 249 bytes backdoor! : anee.me/reversing-a-re… cc Aneesh Dogra

Video tuts on iOS exploitation, by B.Ellis youtube.com/playlist?list=…

I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage: googleprojectzero.blogspot.com/2020/01/remote…

Side channel research is getting ridiculous (x.com/stefant/status…) Here's "malware" that transmit data by changing the wifi signal power:

In case you missed it, the Apple’s Security Bounty is now open and offering some decent bounties that (try to) match black market offerings in a sassy move that I can easily endorse: developer.apple.com/security-bount… (with a remark that I didn’t try it myself yet)

Automated Deobfuscation of Ploutus ATM Malware : crowdstrike.com/blog/ploutus-a… Additional Resource : How to Deobfuscate Maze Ransomware : crowdstrike.com/blog/maze-rans…

"Exploits are really the closest thing to magic spells we have in this world" according to Halvar Flake. Kev demystifies an exploit of a double-free vulnerability in Ubuntu github.co/3pVse0G

Learn WebAppSec With Fun - Part 1 In frame: - #log4j - HPP - Domain Lowering - SOP Please RT for reach. More @http://securityzines.com #infosec #cybersecurity #pentesting #ctf #oscp #windows #cheatsheet #redteaming #burpsuite #bugbounty #bugbountytips #zines #security

Learn WebAppSec With Fun - Part 3 In frame: - Stored XSS - Burp Suite Please RT for reach. More @http://securityzines.com #infosec #cybersecurity #pentesting #ctf #oscp #windows #cheatsheet #redteaming #burpsuite #bugbounty #bugbountytips #zines #security

My latest Penetration Testing Project, I owned the whole Company 😎 #cybitsec #hacker #bugbountytips

Mindmap : This repository contains many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them : github.com/Ignitetechnolo… credits Hacking Articles