Yesterday we got P2 at saarCTF 💪Thanks to saarsec for the very nice services and gg to Bushwhackers for beating us!

Just finished implementing EkkoEx (thanks 5pider lol) on CS. Man sleep masks work in pretty mysterious ways lol

An amazing talk was given by Rad in his OnlyMalware (discord.gg/onlymalware) discord server. check it out. youtube.com/watch?v=L9SI-P…

🗓️Save the date!🗓️ m0leCon 2023 will take place on December 2nd at Politecnico di Torino More info coming soon! m0lecon.it

A vulnerability I've reported to Google VRP (Google Bug Hunters) was recently made public. TL;DR: Chrome implements credentialless iframes which should have a dedicated ephemeral cookie jar - I've found a way to break outside of it using ServiceWorkers to access long lived cookies.

Got some new remote exec method and it seems fire. Gotta keep researching☕

"Never stop learning" - with this in mind, we couldn't have missed such a great opportunity! If you are attending these amazing training sessions too, make sure to meet our very own teammates: TheZero 🍉 on BlueSky, Petar Jr. Pranic, and @madt1m_, to talk about IT shenanigans!

\x09 === \x39 👀 Hex this unknown 🤷‍♂️

My first research and tool are finally out. If you want to deep dive into some CLR internals and understand how we can abuse it to blend-in within its own logic go check it out. Hope you'll enjoy the read. ipslav.github.io/2023-12-12-let…

🎉 Cheers hackers! 🎊 As we bid farewell to 2023, let's celebrate together! 🎁 Like, follow, and retweet for a chance to WIN a €30 coupon for swag.shielder.com! 🏆 3 winners will be selected by EOY! #giveaways #swag

During a recent Red Team Assessment TheZero 🍉 on BlueSky and smaury discovered a vulnerability in PostgreSQL's #PgAdmin which in the worst case allows unauthenticated attackers to run arbitrary server-side code. Check out the #RCE advisory and patch now! shielder.com/advisories/pga…

Back in December 2023 our researchers TheZero 🍉 on BlueSky Pit and Mindless performed an audit sponsored by Amazon Web Services and facilitated by OSTIF Official on boost. It resulted in 7 findings and 15 new fuzzers. The report is now public, check the details here: shielder.com/blog/2024/05/b…

The advisories about my first CVEs are finally public, big thanks to all the seniors that assisted me during the research!

🍎 With many #macOS security mechanisms at work, one might wonder how malware manages to bypass them. Get ready for a deep dive into macOS security architecture and novel evasion techniques during Pietro Tirenna's (Pit) talk at #TheSAS2024. 🚀 Secure your seat:

Our very own Pit will present his novel #macOS research at TheSAS2025 - if you want to learn more about the macOS sandbox and how to escape it make sure to be in Bali 🏝️ from Oct 22 to Oct 25 at #TheSAS2024

Attending TheSAS2025 in the beautiful Bali🏝️? Make sure not to miss Pit's talk about his novel research on the macOS 🍎 sandbox and how to bypass it. 🗓️ Wednesday, October 23 - 15:10

🚨 New Open Source Audit Alert! 🚨 Shielder, with OSTIF Official & CNCF, audited Karmada: 🔍 6 issues found (1 high, 1 medium, 2 low, 2 info) ✔️ Most fixed, others planned. 🗣️ to Pit and TheZero 🍉 on BlueSky Full details in the blog post! shielder.com/blog/2025/01/k…

Hey hackers! We’ve started sending out the first invites — check your inbox! 👀 Didn’t get one? Take the fast track and submit a talk!

Last week Apple released MacOS 13.4 which contains a fix for a vulnerability Pit exploited to escape the Sandbox. Update now and stay tuned for the technical details! Ref: support.apple.com/en-us/122373