January 12, 2023
Injecting JS into one site is harmful, into all, lethal
In this blog post, we present in detail a vulnerability we discovered in Rushbet v2022.23.1-b490616d, along with the steps to follow to replicate the exploit.
November 23, 2022
So it's the app itself that delivers the cookie to me?
In this blog post, I present in detail a zero-day vulnerability I discovered in KAYAK v161.1, along with the steps to follow to replicate the exploit.
September 12, 2022
Top 10 international capture the flag competitions
Do you know what capture the flag is in the cybersecurity field? Are you aware of some of the most recent and prominent CTF competitions worldwide? Learn here.
September 6, 2022
A Black Hat talk follow-up
We will take a brief look at DirectX, a new attack surface on Hyper-V.
May 28, 2022
Cross-process memory patching with Python
We will take AMSI bypass to another level by using cross-process memory injection.
April 20, 2022
Three strikes already for this web browser in 2022
In this blog post, you can learn about three zero-day vulnerabilities of at least high severity in Google Chrome that have been exploited this year.
December 23, 2021
Patch these Log4j vulnerabilities or perish!
A vulnerability in the ubiquitous open-source library Log4j has revealed terrifying exploit possibilities. Learn what it is and what you should do about it.
December 7, 2021
Clues in the investigation of cyberattacks
We describe the kinds of technical traces left in the phases of a cyberattack and talk about how they may help the attribution process.
December 2, 2021
Here's what happened this year, in case you missed it
Supply chain attacks, ransomware and data leaks: We give you a short summary of the major cyberattacks of 2021.