Galactical Bug Hunting: How we discovered new issues in CD Projekt Red’s Gaming Platform
As a researcher I often run into situations in which I need to make a compiled binary do things that it wouldn’t normally do or change the way it works in some way. Of course, if one…
![Galactical Bug Hunting: How we discovered new issues in CD Projekt Red's Gaming Platform - Anvil Secure](https://lemmy.world/pictrs/image/d9f7185f-f21e-41f1-9345-05475eb38ef9.jpeg?format=webp&thumbnail=256)
Wifi credential dumping
This blog won't dive into any of the mentioned WIFI attacks, but will highlight techniques to retrieve the PSK from a workstation post-compromise instead.
![WIFI Credential Dumping: Techniques to retrieve the PSK from a workstation post-compromise](https://lemmy.world/pictrs/image/39902dc5-8ff2-4a49-b83f-13bc67e883b8.jpeg?format=webp&thumbnail=256)
Lass Security's recent research on AI Package Hallucinations extends the attack technique to GPT-3.5-Turbo, GPT-4, Gemini Pro (Bard), and Coral (Cohere).
![Diving Deeper into AI Package Hallucinations](https://lemmy.world/pictrs/image/ae823e88-01ad-4a11-ae5e-dfebae4bfb69.png?format=webp&thumbnail=256)
Security Advisory: Systems with a SONIX Technology Webcam vulnerable to DLL hijacking attack allowing attackers to execute malicious DLL and escalate privileges
Advisory ID: usd-2023-0029 | Product: SONIX Technology Webcam | Vulnerability Type: CWE 732 - Incorrect Permission Assignment for Critical Resource
![usd-2023-0029 - usd HeroLab](https://lemmy.world/pictrs/image/32f5da5d-af2b-499c-a759-65f996987290.jpeg?format=webp&thumbnail=256)
unch 😗: Hides message with invisible Unicode characters
Hides message with invisible Unicode characters. Contribute to dwisiswant0/unch development by creating an account on GitHub.
![GitHub - dwisiswant0/unch: Hides message with invisible Unicode characters](https://lemmy.world/pictrs/image/7b0d7678-1da6-4d51-a23c-c5c52a49927e.png?format=webp&thumbnail=256)
Gram - Self-hosted Threat Modeling Webapp
Gram is Klarna's own threat model diagramming tool - klarna-incubator/gram
![GitHub - klarna-incubator/gram: Gram is Klarna's own threat model diagramming tool](https://lemmy.world/pictrs/image/7efb1895-4739-4a1b-8190-80c280859a48.png?format=webp&thumbnail=256)
Kobold letters – Why HTML emails are a risk to your organization
Anyone who has had to deal with HTML emails on a technical level has probably reached the point where they wanted to quit their job or just set fire to all the mail clients due to their inconsistent implementations. But HTML emails are not just a source of frustration, they can also be a serious sec...
![Kobold letters – Lutra Security](https://lemmy.world/pictrs/image/9abbf025-be2c-4ad7-93c2-2a2ab10a5f31.png?format=webp&thumbnail=256)
Showcasing Incinerator a Powerful Android Malware Reversing Tool
Master Android malware reversal with ease using Incinerator, your trusted ally in the fight against threat actors for experts and novices alike.
![Incinerator: The Ultimate Android Malware Reversing Tool](https://lemmy.world/pictrs/image/461c827c-26c9-4f46-9233-c77b13efd2cd.webp?format=webp&thumbnail=256)
Attacking Active Directory Certificate Service Part 2
I hope you've read the Part-1 of this blog series on basics of AD CS in the environment. In the Part-1 of this blog series, We looked at how we can setup certificate templates or uses the 'User' template to enroll our Windows 7 Minor User with AD CS services. So far we got
![Attacking AD Certificate Services - Part 2](https://lemmy.world/pictrs/image/a8fbfe72-61b0-4cb9-af5d-31256e675ba5.jpeg?format=webp&thumbnail=256)
Persistence - DLL Proxy Loading
DLL Proxy Loading is a technique which an arbitrary DLL exports the same functions as the legitimate DLL and forwards the calls to the legitimate DLL in an attempt to not disrupt the execution flow…
![Persistence – DLL Proxy Loading](https://lemmy.world/pictrs/image/e9c640c9-ce0a-4d7d-8e55-8b185c33ff4f.png?format=webp&thumbnail=256)
Adventures in Stegoland - Adventures with a stego shellcode loader
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
![Tier Zero Security](https://lemmy.world/pictrs/image/f8659971-d8ac-4c71-bcdd-c89737c3e414.png?format=webp&thumbnail=256)
See how Oligo ADR Detects Exploitation of CVE-2024-3094 (XZ backdoor in liblzma).
![XZ-actly What You Need (CVE 2024-3094): Detecting Exploitation with Oligo](https://lemmy.world/pictrs/image/55c957d6-d579-4e3a-80c9-f6a5102a5899.png?format=webp&thumbnail=256)
An IBIS hotel check-in terminal leaked room door key codes of almost half of the rooms.
![IBIS hotel check-in terminal keypad-code leakage](https://lemmy.world/pictrs/image/77dfc21a-b131-42c2-a700-f7f17c8fda84.jpeg?format=webp&thumbnail=256)
NetScout - An OSINT tool I've been working on that finds domains, subdomains, directories and files based on a given URL
OSINT tool that finds domains, subdomains, directories, endpoints and files for a given seed URL. - caio-ishikawa/netscout
![GitHub - caio-ishikawa/netscout: OSINT tool that finds domains, subdomains, directories, endpoints and files for a given seed URL.](https://lemmy.world/pictrs/image/0d43fa1c-9382-4647-8091-c516a203fcdd.png?format=webp&thumbnail=256)
Xzbot: exploit demo for the xz backdoor (CVE-2024-3094)
notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) - amlweems/xzbot
![GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)](https://lemmy.world/pictrs/image/ad9990be-fca9-4c58-a655-36f28bbd3992.png?format=webp&thumbnail=256)