Where do I apply for premium subscription of week days, to get 28h long day option?

Me and withad show how supply chain attacks happen in java: youtu.be/Wcz-Gvm-468?si…

2nd part of Exchange series is live. This time, it's CAB extraction gadget, together with a path traversal in Windows extrac32.exe. I also covered a bypass for Defender CAB signatures (spoiler: quite a simple one). 😅

Inspired by Grzegorz Tworek, I created PoC: EXE-or-DLL-or-ShellCode that can be: Executed as a normal #exe Loaded as #dll + export function can be invoked Run via "rundll32.exe" Executed as #shellcode right from the DOS (MZ) header that works as polyglot stub github.com/Dump-GUY/EXE-o…

Fortinet confirms data breach after hacker claims to steal 440GB of files - Lawrence Abrams bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

If poking AS/400 is your thing, you'll find a lot of good tips and old materials refresher in this talk. Reading IBM Redbooks has never been my favorite thing! AS/400s in network are closer than they appear.

ما معتقدیم که با به اشتراک گذاری، "ما"ی قوی‌تری شکل می‌گیرد و این مای قوی‌تر جهان را به جای امن‌تر و بهتری تبدیل می‌کند. در گزارش فصلی ۱۴۰۳ در #راورو از نزدیک‌تر به گزارش‌های اسیب‌پذیری از جنس امار و ارقام پرداختیم. #Ravro #باگ_بانتی #باگبانتی #Bugbounty ravro.ir/fa/blog/%DA%AF…

This is an incredibly interesting article on how an attacker can send a malicious payload only if the curl request is piped to (ba)sh Example: curl sh.rustup.rs -> non malicious curl sh.rustup.rs | sh -> malicious web.archive.org/web/2024042313… Gif from article:

And here are the slides from the talk: docs.google.com/presentation/d… Thanks for the nice words Heather Adkins - Ꜻ - Spes consilium non est