The Lab

Smash the stack - Spray the heap - Pwn that shell!    ⬣ ⬣

May 24, 2022

SharpASM / SharpWhispers

Stealthier code execution and direct system calls

See more
March 23, 2022

AWSome CIS Checker

Automating CIS Checks on AWS and performing suggestions on issue groups

See more
Feb. 18, 2022

Escaping VMware’s NSX Edge OS Jailed Shell

CLI injection vulnerability that was discovered during a penetration test against VMware Cloud Director.

See more
Jan. 17, 2022

NimWhispers - direct system calls

This article will present a new tool called NimWhispers based on the work of SysWhispers2 for using syscalls in the Nim programming language.

See more
Nov. 10, 2021

DLL Hollowing

A deep dive into a stealthier memory allocation variant, analyzing advantages, pitfalls and artifacts

See more
Oct. 26, 2021

Exploiting Grandstream HT801 ATA (CVE-2021-37748, CVE-2021-37915)

This article describes two authenticated remote code execution vulnerabilities that we found during a time-bounded security assessment of Grandstream's HT801 Analog Telephone Adapter.

See more
July 12, 2021

Azure Persistence and Detection

Cloud computing is one of the most impactful IT technological advancements in recent years due to perhaps its faster growth rate compared to other technologies in the ICT domain.

See more