Security Boulevard

Centurion: Bring Your Own Execution Environment

Writing my own virtualized loader is something I’ve been wanting to do since I first read Microsoft’s deep dive on FinFisher’s multi-layered VM obfuscation back in 2018. FinFisher didn’t just use one ...
GitHub

CVE-2023-4911-Looney-Tunables

In computing, a dynamic linker is the part of an operating system that loads and links the shared libraries needed by an executable when it is executed, by copying the content of libraries from ...
Microsoft

AI brands as bait: How threat actors are using the AI hype in social engineering

As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself ...
CSOonline

Why some security fixes never reach your vulnerability dashboard

CVE was built to track code flaws with fixes. It’s now being stretched to cover malware and supply chain incidents that don’t fit. Agent infrastructure and AI assets are where that drift becomes ...
GitHub

MS17-010 Exploit Code

This is some no-bs public exploit code that generates valid shellcode for the eternal blue exploit and scripts out the event listener with the metasploit multi-handler. This version of the exploit is ...
Computerworld

Industry

Compliance chaos: NY regulators see a data breach — then focus on IT errors When a data breach happens, CISOs aren’t the only ones who should be sweating. New York state officials, for example, ...