HITB Phuket 2023 – Exploiting the Lexmark PostScript Stack.From ERMAC to Hook: Investigating the technical differences between two Android malware variants.On Multiplications with Unsaturated Limbs.Introduction to AWS Attribute-Based Access Control.Public Report – Caliptra Security Assessment.Public Report – Zcash FROST Security Assessment.Unveiling the Dark Side: A Deep Dive into Active Ransomware Families.Technical Advisory: Insufficient Proxyman HelperTool XPC Validation.Popping Blisters for research: An overview of past payloads and exploring recent developments.D0nut encrypt me, I have a wife and no backups.
Post-exploiting a compromised etcd – Full control over the cluster and its nodes.Tool Release: Magisk Module – Conscrypt Trust User Certs.Demystifying Cobalt Strike’s “make_token” Command.Don’t throw a hissy fit defend against Medusa.Public Report – WhatsApp Auditable Key Directory (AKD) Implementation Review.The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses.
