What is HTTP Request Smuggling? HTTP request smuggling is a technique used to interfere with the way a website processes sequences of HTTP requests received from users. This vulnerability can be critical, enabling attackers to bypass security controls, access sensitive data, and compromise other use…
Category: Interesting Stuff
In a recent engagement I had to deal with some custom encrypted strings inside an Android ARM64 app. I had a lot of fun reversing the app and in the process I learned a few cool new techniques which are discussed in this writeup. This is mostly a beginner guide which explains step-by-step how you ca…
This post is just checking the correctness of running a payload via EnumDesktopsA in the Nim programming language. The EnumDesktopsA function passes the name of each desktop to a callback function defined by the application: BOOL EnumDesktopsA( HWINSTA hwinsta, DESKTOPENUMPROCA lpEnumFunc, LPARAM lParam ); p…
If you’re pentesting web applications, you certainly come across a lot of JavaScript. Nearly every web application nowadays is using it. Frameworks like Angular, React and Vue.js place a lot of functionality and business logic of web applications into the front end. Thus, to thoroughly pentest…
Security teams spend a lot of time chasing software vulnerabilities. The fact is, however, that their time would be better spent combating malware because the payoff is better: faster detection, response, and resolution of threats. Here are six reasons why shifting focus away from vulnerability mana…
NCC Group is pleased to open source a new tool built to help Red Teams log their activity for later correlation with the Blue Team’s own logging. What started as a simple internal web based data-collection tool has grown to integrate with Cobalt Strike and BloodHound to improve the accuracy and ease…
Summary: This content discusses Radare, an open-source reverse engineering framework and command-line toolset, and its capabilities for analyzing and exploring various architectures. Threat Actor: N/A Victim: N/A Key Point: Radare is an open-source UNIX-like reverse engineering framework and comman…
Cloudflare automatically detects and mitigates DDoS attacks across its global network using its autonomous edge DDoS detection and mitigation engine. This report includes the DDoS insights and trends as observed on our network. What is a DDoS attack? But first, a quick recap. A DDoS attack, short fo…
Windows operating systems maintain event logs that capture extensive information about the system, users, activities, and applications. These logs primarily help to inform administrators and users, categorized into five levels: information, warning, error, critical, and success/failure audit. For fo…
Security Operations Center (SOC) Tier 1 and 2 analysts play a critical role in protecting organizational assets from threats.
This year’s Real World Cryptography Conference recently took place in Toronto, Canada. As usual, this conference organized by the IACR showcased recent academic results and industry perspectives on current cryptography topics over three days of presentations. A number of co-located events also took…
DID YOU KNOW A CYBERATTACK HAPPENS EVERY 39 SECONDS? This staggering amount underscores the imminent need for cyber security to be treated as a global priority. Moreover, with the explosion of generative AI (besides ChatGPT as well!), the current 2200 daily attacks are expected to not only mul…
In the ever-evolving cybersecurity landscape, staying informed with the latest statistics and trends is not just beneficial—it’s imperative. The year 2024 is shaping up to be pivotal, with threats becoming more sophisticated and industries worldwide grappling with a digital environment that’s more i…
AhnLab SEcurity intelligence Center (ASEC) has been publishing the Online Scams series to inform the readers about the ever-evolving scams. Prevention and blocking are the two most important measures to mitigate the damage inflicted by scams. Various security providers are supporting features to detect and block the damage from scams, financial…
Spain’s most wanted cybercriminal arrested in Romania A mastermind behind the organized crime group responsible for various online fraud schemes has been detained in Bucharest, Romania. The individual, who had been on the run for several years, is linked to over 300 reported fraud cases ac…