Explore how GitLab self-hosted runners can be repurposed as a fully functional Command and Control framework using a legitimate, digitally signed binary. Covers the GitRunner C2 proof-of-concept, execution model via CI pipelines, file transfer through GitLab Artifacts, and a detailed detection walkthrough with real Wazuh and Sysmon events, MITRE ATT&CK mapping, and high-fidelity detection rules.

Uncover a critical misconfiguration in homebanking enabling MitM phishing attacks on bank logins via plain HTTP fallback. Explore the vulnerability timeline, PoC with Bettercap and Evilginx2, and essential best practices for users and admins to enforce HTTPS and prevent credential theft.

Discover how a red team compromises critical infrastructure by reversing SCADA software, escalating privileges in Active Directory, and pivoting across IT/OT networks. Key insights on vulnerabilities, misconfigurations, and defense strategies for secure essential services.

Explore exploiting Sybase EAServer vulnerabilities, default jagadmin credentials grant web console access, enabling custom WAR web shell uploads for command execution. Learn pivoting via reGeorg tunneling, RDP connections, and key lessons on hardening legacy systems.

Discover the nOAuth vulnerability in Azure AD OAuth apps, enabling account takeover via email forgery. This guide demos exploitation using FusionAuth PoC, covering setup of multi-tenant apps, attacker impersonation techniques, impacts like auth bypass and privilege escalation, plus mitigations with immutable claims and MFA.

Delve into obfuscation techniques for Rust binaries using LLVM Obfuscator (OLLVM) to enhance code protection against reverse engineering. Key tips on implementation, effectiveness, and trade-offs for developers securing their applications.

Introduction During RealWorldCTF 2022 there was a RE challenge named “Ferris Proxy”. The challenge includes 2 executables (client and server) and a TCP packet capture file (pcap) that contains dat...

Introduction Inspired by some tools (rebeyond Behinder, AntSword) and CTF challenges, I decided to make a project that facilitates the loading of Java classes into remote computers (or targets). ...

Presentation about hooking technique to intercept and modify IL code when passed to Just-in-Time compiler of .NET applications.

Analysis of Samourai Wallet's PIN authentication reveals bypass via app restarts, resetting stateless failure counters. Key is GUID + PIN, used in PBKDF2-HMAC-SHA256 (15,000 iterations) for AES-256-CBC decryption of wallet data. Brute-force 111M possible 5-8 digit PINs feasible in ~140 days on basic hardware. Takeaway, Weak auth risks Bitcoin theft on compromised devices.