Malware signed by stolen certificates is using #Follina vulnerability to spread evil #AsyncRAT into the #Palau paradise. Seems targeted. Read more on #AvastDecoded decoded.avast.io/threatintel/ou…

The slides for my OffensiveCon talk "Finding and Exploiting 20-year-old bugs in Web Browsers" docs.google.com/presentation/d…

the OpSec course on JHT is free this week 😊

If you're a Beginner in Secure Code Review, watch this video. It gives you a basic idea of how to find XXE vulnerabilities during Secure Code Reviews. Video: youtube.com/watch?v=HKDe1z…

This is a fantastic read about how the world is changing and how @[email protected] would approach his career starting over in the now. I agree with 100% of his advice. securing.dev/posts/if-i-wer…

A lot of people think every bug is a vulnerability. It’s not. In Chapter 0 of my book From Day Zero to Zero Day, I break down exactly what makes a bug a real vulnerability and why it matters. 🪲 A bug is an error in logic or behavior. Whereas, a vulnerability must: 💥 Be

Analyzing Malicious OneNote Documents, by Didier Stevens #DFIR blog.didierstevens.com/2023/01/22/ana…

🕵️‍♀️ I'll be presenting "I SPy: Rethinking Entra ID research for new paths to Global Admin” at fwd:cloudsec June 30-July 1, alongside some fantastic other speakers: fwdcloudsec.org/conference/nor… If you can’t make it, talks are streamed at: youtube.com/@fwdcloudsec

🗻 Fuzzing Guide: Fuzzing A GameBoy Emulator With AFL++ Blog: bananamafia.dev/post/gb-fuzz/ #infosec #fuzzing

''Entra ID monitoring - are you doing the basics? (Part 2)'' #infosec #pentest #redteam #blueteam securediam.com/f/entra-id-mon…

🧠🔐 𝗩𝗣𝗞 - 𝗔𝗜-𝗣𝗼𝘄𝗲𝗿𝗲𝗱 𝗣𝗮𝘀𝘀𝘄𝗼𝗿𝗱 𝗖𝗿𝗮𝗰𝗸𝗶𝗻𝗴 A web-based platform that leverages Vast.ai GPU instances for authorized password cracking using Hashcat. 🔗 github.com/d-sec-net/VPK #CyberSecurity #RedTeam #Pentest

From Zero to main(): How to Write a Bootloader from Scratch Just found this awesome guide on how bootloaders work and how to build one from scratch. covering memory maps, linker scripts, startup code, and more. interrupt.memfault.com/blog/how-to-wr…

Introducing the BloodHound Query Library! 📚 Martin Sohn & Joey Dreijer explore the new collection of Cypher queries designed to help BloodHound users to unlock the full potential of the BloodHound platform by creating an open query ecosystem. ghst.ly/4jTgRQQ

DLL injection fundamental Part 1 systemweakness.com/dll-injection-… Part 2 systemweakness.com/dll-injection-… Part 3 systemweakness.com/dll-injection-…

''No Agent, No Problem: Discovering Remote EDR'' #infosec #pentest #redteam #blueteam jonny-johnson.medium.com/no-agent-no-pr…

All HackTheBox Active Directory machines in one place github.com/seriotonctf/Ha…

Here's the playlist: youtube.com/watch?v=86FAWC…

GitHub Repo: github.com/infatoshi/cuda…

AI at scale keeps reinventing and rediscovering classic systems & HPC tricks. Not because it’s unoriginal but because the bottlenecks: memory, I/O, and networking, are the same. Techniques like KV cache, speculative decoding, and paged attentions were all inspired by or resemble