An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
Dec 2022
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
Dec 2022
Nov 2022
Vulnerability Details From https://www.openssl.org/news/secadv/20221101.txt X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) ========================================================== Severity: High A buffer overrun can be triggered in X.509 certificate verification, specifically The post Everything you need to know about the OpenSSL 3.0.7...
Nov 2022
An introduction to Use-After-Free exploitation and walking through one of my old challenges. Challenge Info: https://www.malwaretech.com/challenges/windows-exploitation/user-after-free-1-0 Download Link: https://malwaretech.com/downloads/challenges/UserAfterFree2.0.rar Password: MalwareTech The post [Video] Introduction to Use-After-Free Vulnerabilities...
May 2022
Walking through my process of how I use patch analysis and reverse engineering to find vulnerabilities, then evaluate the risk and exploitability of bugs. The post [Video] Exploiting Windows RPC – CVE-2022-26809 Explained | Patch Analysis appeared first on MalwareTech.
Apr 2022
There has been much discussion in cyber security about the possibility of enabling the private sector to engage in active cyber defense, or colloquially “hacking back”. Several house bills have been introduced to study or enable this, such as the “Study on Cyber-Attack Response Options Act” and “Active Cyber Defense … The post An in-depth look at...
Nov 2021
Up until recently, I’d never tried the bug hunting part of vulnerability research. I’ve been reverse engineering Windows malware for over a decade, and I’d done the occasional patch analysis, but I never saw a point in bug hunting on a major OS. After all, there are teams of vulnerability … The post How I Found My First Ever ZeroDay (In RDP) appeared...
Jan 2021
Recently, The New York Times posted a sensational article about criminals using sophisticated state software for the first time. The headline is non-specific and could be taken to mean state hacking tools in general; however, this would be completely untrue. The NSA hacking tools leaked by the shadowbrokers are used … The post Are Criminals Really...
Jun 2020
Due to the serious risk of a BlueKeep based worm, I’ve held back this write-up to avoid advancing the timeline. Now that a proof-of-concept for RCE (remote code execution) has been release as part of Metasploit, i feel it’s now safe for me to post this. This article will be … The post BlueKeep: A Journey from DoS to RCE (CVE-2019-0708) appeared first...
Sep 2019
Follow RSS Feeds, Blogs, Podcasts, Twitter searches, Facebook pages, even Email Newsletters! Get unfiltered news feeds or filter them to your liking.
Get Inoreader