In November of 2022, BlockSec sounded the alarm: funds had been successfully drained from SushiSwap. They contacted the Sushi security team to try to remediate the situation. There are functional...
Breakdown of key features stored in LummaC2 Stealer
This post has a title that alludes to a famous MEV exploit article called Ethereum is a Dark Forest. In that story, the author of a post found some funds lying around that anybody could capture....
This is a classic horror story on MEV bots in Ethereum. Read at your own discretion (and craziness). While on Discord, the author of this post received a question on Uniswap: "is it possible to...
Microsoft identified a destructive operation executed by MuddyWater (also known as MERCURY or Mango Sandstorm), a threat actor attributed to the Iranian government, in partnership with “DarkBit”...
Learn what tools and data sources you need to use in cloud forensics investigation and how they come into practice in a real-life example.
In the world of cryptocurrency, there are many bots attempting to make money on the ecosystem. If a bot spots an arbitrage or sandwich opportunity, it will try to make money...
Intro I wrote a tool to help with cracking of hashes, today I finally decided to blog about it. The idea was to take what I’d learned about common patterns in passwords, and put my experience into...
The author of this post has a very young daughter. They wanted to protect their kid from bad content on the internet using the child protective services. First, they needed to make sure it was...
Command injection is a well-known bug where user input is concatenated with a bash command. Because of the string concatenation, an attacker can inject things like ` or ; to execute a different...
Have you ever wanted to participate in Pwn2Own? The author of this post took the jump into competing at this hacking event. They were part of a team with 2 other players trying in the routers,...
In October of 2022, the source code of the BIOS for Intel's Alder Lake platform was leaked. While poking around the code, the author found a pretty devastating vulnerability. System Management...
Answerdev is a question-and-answer platform written in Go. The original post is here, but the translation is what I used above since I don't read anything besides English. Users can upload...
Microsoft Azure's Business To Customer (B2C) Active Directory (AD) service allows a customer to create a website that uses AD for authentication, which their own customers can use to create accounts. Using...
On the 31st of October 2022, a PR on CrackMapExec from Thomas Seigneuret (@Zblurx) was merged. This PR fixed Kerberos authentication in the CrackMapExec framework. Seeing that, I instantly wanted...
Authored by Anandeshwar Unnikrishnan, Sakshi Jaiswal, and Anuradha M. McAfee Labs has recently observed a new malware campaign which used malicious OneNote documents... The post The Rising Trend of...
BonqDAO is a non-custodial, over-collateralized lending protocol on the Polygon blockchain. This project allows for any protocol to borrow against their own token at a zero percent interest rate....
On 2023-03-30, a campaign was reported, involving an unknown actor, gaining initial access via Unknown, to achieve Data exfiltration. The following tools were observed: AlienFox.
How a misconfiguration in a Microsoft Bing.com application allowed Wiz Research to modify Bing’s search results – and potentially compromise the private data of millions of Bing users
How Wiz Research found a common misconfiguration in Azure Active Directory that compromised multiple Microsoft applications, including a Bing management portal
CISOs share their experiences ensuring security in fast-growth environments.
In March 2023, a North Korean threat actor (dubbed “SmoothOperator”) gained access to 3CX (VoIP vendor) and inserted a backdoor into their desktop product, which was used for targeting some of...
On a recent red-team I was given a client laptop from which I was expected to simulate an insider-threat/employee laptop compromise scenario over their VPN. I was given a normal employee user...
This summary provides an overview of APT attacks on industrial enterprises and activity of groups that have been observed attacking industrial organizations and critical infrastructure facilities.
On 2023-03-24, a campaign was reported, involving ChinaZ, gaining initial access via , while using Misconfigured SSH abuse.
Wiz launches a new Canadian data center and adds support for CSE Information Technology Security Guidance (ITSG) 33 framework helping organizations simplify cloud security and compliance.
When handling loans in the land of DeFi, extra considerations need to be taken compared to the real world. There are two main parties with loans: lender and borrower. The lender is the entity...
On 2023-03-23, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, to achieve Resource hijacking.
Some application misconfigurations are equivalent to remote code execution or information disclosure vulnerabilities, but often go unnoticed. Wiz’s agentless capabilities detect these and...
Derek Banks // Living Off the Land Binaries, Scripts, and Libraries, known as LOLBins or LOLBAS, are legitimate components of an operating system that threat actors can use to achieve […] The post...