Using services such as GitHub or VirusTotal, it is possible to find leaked code signing certificates. For some, the password can be cracked, after which they can be used to sign malicious code. In this blog post I explain this process, including responsible disclosure measures.
Dell's DBUtil kernel driver is vulnerable for an arbitrary kernel memory read/write (CVE-2021-21551). This blog describes how to utilise it in a Cobalt Strike (CS) Beacon Object File (BOF) to perform kernel exploitation. As an example, we escalate privileges to NT AUTHORITY\SYSTEM.
By abusing an HTTP Request Smuggling vulnerability on Outlook Web Access (OWA) for Exchange, it is possible to steal credentials of unsuspecting Active Directory users trying to authenticate to OWA.
Using a mathematical model of security it is possible to calculate the position of roadblocks as (cost) efficiently as possible in case of a direct terrorist threat.
Not Your Average Web Crawler (NYAWC) is a Python package that enables you to crawl web applications for requests instead of URL's. With NYAWC you can execute your malicious payload on all in-scope requests of a web application.
By abusing an insecure cryptographic storage vulnerability and a reflected server cross-site-scripting vulnerability it is possible to steal and decrypt the password from a McDonald's user.
Swift doesn't support placeholders in UITextView's natively, so here is the proper way to implement a placeholder in a UITextView. You can do it yourself in under 1 minute.