71 matches found
exploit_kernel
e...
xss-payloads
xss...
vulnhub-machines-writeups
vulnhub-machines-writeups Collec...
Command-Injection-Lab
No d...
portswigger-labs-writeups
portswigger-labs-writeups Complete writeups for P...
Welcome to the new Project Zero Blog
Posted by Natalie Silvanovich While on Project Zero, we aim for our research to be leading-edge, our blog design was ... not so much. We welcome readers to our shiny new blog! For the occasion, we asked members of Project Zero to dust off old blog posts that never quite saw the light of day. And...
EUVD-2018-12104
Malware in sbrugna...
EUVD-2025-5298
Malicious code in bioql PyPI...
low-level-exploits
lowlevelexploit https://www...
A Systematic Approach to Predict the Impact of Cybersecurity Vulnerabilities Using LLMs
Vulnerability databases, such as the National Vulnerability Database (NVD), offer detailed descriptions of Common Vulnerabilities and Exposures (CVEs), but often lack information on their real-world impact, such as the tactics, techniques, and procedures (TTPs) that adversaries may use to exploit the...
TEE-reversing
This repository is an offensive tool for learning how to reverse-engineer and achieve trusted code execution on ARM devices. It contains a curated list of public TEE resources, including papers on TEE reversing and security analysis. The repository includes links to various papers and resources o...
Server-Side Template Injection Vulnerabilities and Exploitation Techniques
Research article called Server-Side Template Injection (SSTI) Vulnerabilities and Exploitation Techniques. The paper provides a structured methodology for detecting and exploiting SSTI vulnerabilities across multiple template engines, along with real-world case studies and mitigation strategies...
Exploit for Stack-based Buffer Overflow in Ivanti Connect_Secure
CVE-2025-0282 Ivanti Connect Secure IFT TLS Stack Overflow pre...
Exploits and vulnerabilities in Q2 2024
Q2 2024 was eventful in terms of new interesting vulnerabilities and exploitation techniques for applications and operating systems. Attacks through vulnerable drivers have become prevalent as a general means of privilege escalation in the operating system. Such attacks are notable in that the...
The Windows Registry Adventure #1: Introduction and research results
Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. It all started unexpectedly: I was in the process of developing a coverage-based Windows kernel fuzzer...
Ransomware on the Move: Evolving Exploitation Techniques and the Active Pursuit of Zero-Days
...
Weekly Digest 30 May – 5 June 2022
Published Vulnerabilities: 412; Interesting Vulnerabilities: 24; Active Threat Groups: 1; Targeted Countries: 45; Targeted Industries: 3; ATT&CK TTPs: 13. For a detailed threat digest, download the pdf file here. Summary: The first week of June 2022 witnessed the discovery of 412 vulnerabilities out of which 2...
How to Exploit SQL Server Using OLE Automation
As part of the Imperva Research Labs we have the opportunity to examine various security scenarios. In this post, we will consider database security on SQL Server. One standard method that security practitioners use to protect databases is deploying honeypots and waiting for hackers to take the...
LazyScripter: From Empire to double RAT
Malwarebytes' Threat Intelligence analysts are continually researching and monitoring active malware campaigns and actor groups as the prevalence and sophistication of targeted attacks rapidly evolves. In this paper, we introduce a new APT group we have named LazyScripter, presenting in-depth...