Post-exploiting a compromised etcd – Full control over the cluster and its nodes.Tool Release: Magisk Module – Conscrypt Trust User Certs.Demystifying Cobalt Strike’s “make_token” Command.Don’t throw a hissy fit defend against Medusa.Public Report – WhatsApp Auditable Key Directory (AKD) Implementation Review.The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses.Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group.Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets.Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call.NCC Group’s 2022 & 2023 Research Report.
Technical Advisory – Multiple Vulnerabilities in Nagios XI.Public Report – Aleo snarkVM Implementation Review.Reverse, Reveal, Recover: Windows Defender Quarantine Forensics.Public Report – Security Review of RSA Blind Signatures with Public Metadata.Retro Gaming Vulnerability Research: Warcraft 2.
