As Red Teamers, we need an OPSEC safe method to execute shellcode via a range of initial access vectors. Things are getting more and more difficult with Endpoint Detection and Response (EDR) products [...]
The AI Safety Summit 2023, a seminal event hosted by the UK Prime Minister at the historic Bletchley Park, marked a pivotal moment in the evolution of the security of Artificial Intelligence. This [...]
In recent years, the rise of Artificial Intelligence (AI) has been nothing short of remarkable. Among the various applications of AI, chatbots have become prominent tools in customer service, support, and various other [...]
For the second year running, LRQA Nettitude took part in the well-known cyber security competition Pwn2Own, held in Toronto last week. This competition involves teams researching certain devices to find and exploit vulnerabilities. [...]
Built into the Microsoft C++ compiler and runtime, CastGuard is a pivotal security enhancement designed to significantly reduce the number of exploitable Type Confusion vulnerabilities in applications. Joe Bialek gave a talk about [...]
This article provides a technical analysis of Zenbleed, a side-channel attack affecting all AMD Zen 2 processors. Tavis Ormandy reported this vulnerability to AMD on 15 May 2023 and it was assigned CVE-2023-20593. [...]
The exploding popularity of AI and its proliferation within the media has led to a rush to integrate this incredibly powerful technology into all sorts of different applications. What remains unclear though is [...]
“The quieter you become, the more you are able to hear.” This is the tagline associated with Kali Linux, a Linux distribution used by security researchers, penetration testers, and hackers alike. In the [...]
ETWHash is a small C# tool used during Red Team engagements, that can consume ETW SMB events and extract NetNTLMv2 hashes for cracking offline, unlike currently documented methods. GitHub: https://github.com/nettitude/ETWHash Microsoft ETW (Event [...]
A common objective of physical assessments is placement of a drop box to establish communication out of the network environment. A few years ago, the choices were limited to NUC or a Raspberry [...]