Crecen los exploits, y vuelven a situarse en el centro del panorama de ciberseguridad. Nuevos datos del informe Kaspersky Exploits and Vulnerabilities in Q2 2025 revelan que tanto usuarios de Windows como|
El panorama de la ciberseguridad en 2025 confirma lo que muchos analistas temían: los exploits siguen siendo la herramienta preferida […]| OpenSecurity
Find out why microsegmentation is an increasingly popular option for supporting zero trust networking approaches.| BlackFog
Learn about the risk posed by zero day security exploits and what firms can do to minimize their exposure to these issues.| BlackFog
“So we wait, this is our […]| hn security
It's more like computer security theater than actual security| boston.conman.org
In the previous article, we discussed […] The post CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis – Part 2 appeared first on hn security.| hn security
CVE-2024-49138 is a Windows vulnerability detected […]| hn security
Flaws in Linux CUPS printing system create a potential for sequential exploitation and remote code execution.| Gridinsoft Blogs
In the last part of this […]| hn security
Those in the crypto ecosystem have witnessed an extraordinary level of wealth creation since Satoshi Nakamoto first introduced Bitcoin in 2009; just this year, the overall capitalization of digital assets has soared to $3.5 trillion from under $1.8 trillion at the start of the year. On the flip side, there ...| Unchained
After attending the OST2 – Exp4011 […]| hn security
I’ve been planning to do this write-up for a while now, but I decided to wait for at least 40 days after reporting this bug before disclosing it, as it concerns the e-class software used by most universities in Greece. The bug reported here has indeed been fixed on the same day that I reported it, so the first part of this shouldn’t be possible anymore. I’m also glad to see my own university’s e-class has been updated to the latest version, which is safe against this. The e-class soft...| nikofil’s blog
This exploit was brought to you by “reading the manual”, mostly. It is the second local privilege escalation I found while doing an extremely low effort audit of Zimbra. You should read…| Darren Martyn
During exploitation of ELF binaries, it is quite common that one needs to find a writable memory region: a writable “cave”. In this post I’ll present two generic techniques to fin…| Eyal Itkin
This is just a quick post about some of the stuff behind an exploit I wrote for CVE-2020-7373. If you want to know more about the vulnerability itself, I’d suggest reading this blog post by z…| Darren Martyn
The AVE.CMS versions less than 2.09 suffer from a remote blind SQL injection vulnerability in the “module” parameter. AVE.CMS is prone to an SQL-injection vulnerability because it fails…| Ghost in the Lab
Εισαγωγή H προστασία Data Execution Prevention (αποτροπή εκτέλεσης δεδομένων) ή εν συντομία DEP, αποτελεί ένα σύνολο τεχνολογιών Hardware (υλικού) και Software (λογισμικού) που πραγματοποιούν πρόσθ…| Ghost in the Lab
Πριν από μερικές μέρες, για τις ανάγκες ενός project, κατέβασα την freeware εφαρμογή CPE17 Autorun Killer (AntiAutorun), η οποία έχει σκοπό της, την διαγραφή των ύποπτων “autorun.inf” α…| Ghost in the Lab
PMSoftware Simple Web Server 2.2-rc2: The easy and small way to open an HTTP Web Server. Now HTTP/1.1 compliant, RTSP/1.0, PAWN and LUA plugins A Simple Web Server (for example can be used t…| Ghost in the Lab
The following vulnerable application (server.exe) was part of the Appsec Research 2012 University Challenge. Goal: To open a command shell on the server with privileges of the vulnerable echo serve…| Ghost in the Lab
O Ανέστης Μπεχτσούδης (@anestisb) πριν από μερικούς μήνες, όντας καλεσμένος στο 3ο κατά σειρά UNAUTHORIZED – security meeting (401×003), που έλαβε χώρα στο Hackserpace Αθήνας, παρουσίασε την εφαρ…| Ghost in the Lab
With the release of macOS Catalina in October, Apple rolled out a set of interesting new features collectively called System Extensions. System Extensions are a set of user space frameworks encouraging developers who currently maintain and ship kernel extensions to move their features to user space for increased security and stability. One of these new frameworks is the Endpoint Security framework. As a security researcher this framework is of special interest. It’s intended to provide a pu...| Scott Knight