OUR LATEST RESEARCH
Emulation with Qiling
Qiling is an emulation framework that builds upon the Unicorn emulator by providing higher level functionality such as support for dynamic library loading, syscall interception and more. In this Labs post, we are going to [...]
CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM
The Cisco C195 is a Cisco Email Security Appliance device. Its role is to act as an SMTP gateway on your network perimeter. This device (and the full range of appliance devices) is heavily locked [...]
Introducing the MLCommons AI Safety v0.5 Proof of Concept
Artificial Intelligence (AI) has been making significant strides in recent years, with advancements in machine learning and deep learning techniques. However, as AI systems become more complex and powerful, ensuring their safety becomes increasingly critical. [...]
Flaw in PuTTY P-521 ECDSA signature generation leaks SSH private keys
This article provides a technical analysis of CVE-2024-31497, a vulnerability in PuTTY discovered by Fabian Bäumer and Marcus Brinkmann of the Ruhr University Bochum. PuTTY, a popular Windows SSH client, contains a flaw in its [...]
Introducing SharpConflux
Today, we are releasing a new tool called SharpConflux, a .NET application built to facilitate Confluence exploration. It allows Red Team operators to easily investigate Confluence instances with the goal of finding credential material and [...]