Detailed Analysis of Red Eyes Group (Geumseong121,Group 123,ScarCruft,APT37,Reaper, Ricochet ChollimaAPT37)
Foreshadow:Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution(L1TF-CVE-2018-3620&CVE-2018-3646)
Use-after-free (UAF) Vulnerability CVE-2018-8373 in VBScript Engine Affects Internet Explorer to Run Shellcode
Windows Exploitation Tricks: Exploiting Arbitrary Object Directory Creation for Local Elevation of Privilege
Let us explore the "tangled world" of web technology : XSS, ServiceWorker, CSP, Script Gadgets, Redirection
New powershell tool to phish for user credentials using existing applications as a (realistic) cover
iOS jailbreak internals, explaining the indirect userland DMA feature, GPU notification internal mechanism with bugs across two different modules to get kernel code execution
tools param-miner:BURP extension to identify hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities.
tools BrokenType is a set of tools designed to test the robustness and security of font rasterization software, especially codebases prone to memory corruption issues (written in C/C++ and similar languages).
tools Implements the POP/MOV SS (CVE-2018-8897) vulnerability by leveraging SYSCALL to perform a local privilege escalation (LPE).