Blog

Karol Mazurek

Explore a detailed case study on detecting vulnerabilities in macOS drivers. Learn how to analyze IOKit, reverse engineer kernel extensions, and debug system crashes using real-world techniques. This guide walks through the discovery of a Denial of Service (DoS) condition in the NS_01 driver within Apple’s IONVMeFamily, offering insights into fuzzing, integer overflow detection, and crash analysis.

Karol Mazurek

Discover how SLAP and FLOP attacks exploit Apple Silicon’s speculative execution vulnerabilities, enabling remote data leaks via web browsers. Learn about their impact, exploitation techniques, and potential mitigations to protect your privacy.

Karol Mazurek

The article explores Task Injection on macOS, detailing how attackers can acquire task ports, allocate memory, and execute arbitrary code within target processes. It demonstrates shellcode creation, memory management, and execution techniques, while examining macOS security mechanisms like taskgated, Hardened Runtime, and platform binary protections. Debugging and injection scenarios are tested, highlighting potential vulnerabilities and secure practices.

Karol Mazurek

The article presents a detailed breakdown of how ISO files can be used to bypass Microsoft Defender SmartScreen protections.

Karol Mazurek

Explore advanced techniques for bypassing anti-execution defenses in corporate environments. This article delves into methods for executing code on hardened systems during Red Team Operations after gaining initial access.

Marcin Węgłowski

Take a look at the security and privacy improvements that Android 15 brings to its users. The article explores what was changed and how it affects daily users and application developers.

Zbigniew Piotrak

Read about multiple vulnerabilities in IBM i Access Client Solutions software related to connecting to AS400 servers. Chaining those vulnerabilities could allow remote attackers to access client and server machines.

Mateusz Wojciechowski

Understand the risks associated with the use of large language models based on the OWASP Top 10 for LLMs list. The article aims to illustrate and explain through examples the vulnerabilities in applications that use LLMs.

Karol Mazurek

This article will guide you in gaining initial access to a target during a Red Team assessment. It is divided into two parts for easy comprehension. The first part details the use of OSINT for Malware delivery, primarily for spear phishing. The second part covers creating malware and making use of evasion techniques. We hope you find this article both informative and enjoyable!

AFINE

This guide explores practical strategies for exploiting FILE READ vulnerabilities. It delves into what File Read vulnerabilities entail, their potential risks, and the underlying vulnerabilities that can lead to them. The content also offers insights into confirming the presence of these vulnerabilities and provides useful tips for addressing them. Additionally, it examines the possible advantages and drawbacks of exploiting these vulnerabilities, along with offering general prevention and detection strategies for web applications.
