Research Hub

You just found a Java deserialization bug, you ran all your ysoserial payloads, and.... you got nothing. Now what? How can you debug or build a gadget chain if you're …

Read Story

Did you know that Elastic Block Store (Amazon EBS) has a "public" mode that makes your virtual hard disk available to anyone on the internet? Apparently, hundreds of thousands of …

Read Story

Investigating PrivEsc Methods in AWS In 2018, Spencer Gietzen wrote an excellent article on privilege escalation in AWS, identifying 21 separate methods across various AWS services. I have often used Spencer’s …

Read Story

Although the Electron framework has gained popularity in recent years for simplifying desktop application development, many still consider it inherently insecure. This blog examines how various Electron exploits work and …

Read Story

This is the companion dictionary of the Cybersecurity Style Guide. The cyber.dic dictionary file can be added to your word processor to augment its standard spellcheck list. This is a resource …

Read Story

Eyeballer is an AI-powered, open source tool designed to help penetration testers assess large-scale external perimeters. About Eyeballer Give those screenshots of yours a quick eyeballing. Eyeballer is meant for …

Read Story

Introducing ZigDiggity, a ZigBee testing framework created by Bishop Fox. About ZigDiggity ZigDiggity version 2 is a major overhaul of the original package and aims to enable security auditors and developers to run …

Read Story

Cross-platform General Purpose Implant Framework Written in Golang Senior Security Associate Joe DeMesy and Security Associate Ronan Kervella are the researchers behind the creation and maintenance of Sliver. They introduced …

Read Story

Subscribe by Email