Security Operations

Issue #3 of Paged Out! zine is out::undefined

Introducing SMTP Smuggling: A novel technique for spoofing e-mails::undefined

It's been 24 hours of users reporting that Ubiquiti is showing other people's consoles and cameras with limited access::undefined

New Methodology for Bluetooth Security Assessment::undefined

Nmap Peek - View your Nmap files in VSCode::Extension for Visual Studio Code - View your nmap output inside VS Code, in a nice clean GUI

Credential Harvesting with PowerShell and SpecterInsight::Overview Credential harvesting, also known as credential theft or credential stealing, refers to the collection sensitive authentication information from individuals or systems. The goal of credent…

SyzGPT: When the fuzzer meets the LLM::undefined

New payload to exploit Error-based SQL injection - Oracle database::Learn Basic Concepts of Linux. Best site to learn Linux from beginner to Advanced.

CVE-2023-45866: Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS::undefined

Russian cyberops fact sheet (UK gov)::undefined

Spoofing DNS records by abusing Microsoft DHCP server::undefined

Web API testing techniques & labs::APIs (Application Programming Interfaces) enable software systems and applications to communicate and share data. API testing is important as ...

Cueing up a calculator: an introduction to exploit development on Linux::Using CVE-2023-43641 as an example, I’ll explain how to develop an exploit for a memory corruption vulnerability on Linux. The exploit has to bypass several mitigations to achieve code execution.

It’s not a Feature, It’s a Vulnerability::It takes a special kind of person to name a company after their own body part. Fortunately the Microsoft Security Response Center doesn’t seem to have inherited that kind of mentality, because when I have reported not a bug but a feature as a vulnerability - they accepted it.

Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100::Research performed by Ilya Zhuravlev supporting the Exploit Development Group (EDG). The Era 100 is Sonos’s flagship device, released on March 28th 2023 and is a notable step up from the Sonos One. It was also one of the target devices for Pwn2Own Toronto 2023. NCC found multiple security weaknesses within the bootloader of the…

We Hacked Ourselves With DNS Rebinding::This post is the first in a two-part series on DNS rebinding in web browsers. In this post, I will talk about a bug we found in our own product which allowed us to retrieve low-privileged AWS credentials using DNS rebinding. In the next post, I will share new techniques to reliably achieve split-second DNS rebinding in Chrome, Edge, and Safari, as well as bypass Chrome's restrictions on requests to private networks.‍

DICOM Protocol Vulnerabilities and Attack Surface::undefined

New RCE popchain in WordPress::Fenrisk

Fuzzer-V: New project for Fuzzing Hyper-V VSP's using Intel Processor Trace (IPT) for code coverage guided fuzzing, built upon WinAFL, winipt, HAFL1, and Microsoft’s IPT.sys.::undefined

Have I Been Squatted? — Check if your domain has been typosquatted::A fast domain and typosquatting discovery tool

EvilSlackbot: A Slack Attack Framework::A Slack bot phishing framework for Red Teaming exercises - GitHub - Drew-Sec/EvilSlackbot: A Slack bot phishing framework for Red Teaming exercises

Defending Azure Active Directory (Entra ID): Unveiling Threats Through Hunting Techniques::Azure Active Directory stands as one of the most popular and widely-used cloud-based identity and access management services. Learn more.

Comprehensive guide on writing your first metasploit remote code execution module::Comprehensive guide on how to convert your RCE vulnerability into a fully functional metasploit module, that will spawn any payload. We use CVE-2023-32781 as our example.

4 of the top 10 password strength tools are giving people bad password advice, and they don't care.::Think your password is strong? Ever trusted a password strength tool online (or maybe you don't trust anything)? You might be surprised to see how far off the mark some of the most popular password strength tools are.

A Touch of Pwn: Attacking Windows Hello Fingerprint Authentication::Blackwing Intelligence provides high-end security engineering, analysis, and research services for engineering focused organizations