
The Art Of Hiding In Windows

The intricate dance between cyber defenders and adversaries plays out daily in the vast digital playground of the Windows operating system. As the dynamics of this age-old game evolve, the strategies employed by both sides have grown increasingly nuanced. The line between cybersecurity professionals and cybercriminals blurs when it comes to mastering the art of evasion within Windows. In this deep dive, we’ll unpack the tactics, techniques, and procedures that render these actors invisible in plain sight.


Secret of System32

The Windows operating system, a cornerstone of personal and professional computing, is underpinned by a myriad of critical files that ensure its seamless operation. Central to this intricate web of files is the System32 directory, a vital component that houses


Threat Intel Roundup: CoinEx, Azure Dataleak, Kafka, Lumma

Week in Overview (14 Sep-19 Sep) Technical Summary Silent Skimmer Campaign CVE-2023-34040 – Spring Kafka Deserialization RCE Vulnerability North Korean Lazarus Group’s Involvement in Cryptocurrency Hacks Microsoft AI Data Exposure of 38 Terabytes Exploitation of “search-ms” URI Protocol Handler Distributing XWorm


Pi-hole Attack Surface EBook

A network-wide ad-blocking tool with the capability to execute arbitrary commands. Executive Summary Path Traversal to RCE via teleporter.php and zip_file Parameter: The teleporter.php script in Pi-hole and zip_file parameter, which handles the import and export of settings, contains a


Pi-hole Attack Surface

A network-wide ad-blocking tool with the capability to execute arbitrary commands. Executive Summary Path Traversal to RCE via teleporter.php and zip_file Parameter: The teleporter.php script in Pi-hole and zip_file parameter, which handles the import and export of settings, contains a


Threat Intel Roundup: Lazarus, Lumma, Superset, RocketMQ

Week in Overview (5 Sep-12 Sep) Technical Summary Key Findings It is crucial for organizations and individuals to prioritize remediation and patching efforts to safeguard their systems and data. The following key findings highlight the importance of proactive measures to mitigate


Rocket.Chat IOS Application (EBook)

A modern iOS application that exposes your account token and runs arbitrary commands. Executive Summary Exposed API Key in GET URL (/api/v1/users.info?userId): RTLO Character Injection in Chat:


What Is Rocket.Chat For IOS Application?

In our digital-first era, the dynamic cybersecurity landscape evolves with new threats and vulnerabilities daily. It’s a race between security professionals and cyber adversaries. Two vulnerabilities that have recently emerged concern exposed API keys in URLs and the malicious use of Right-to-Left Override (RTLO) character injections in chat platforms. This article dives deep into understanding these vulnerabilities, their implications, and the best practices to remediate them.


Threat Intel Roundup: QakBot, Ignition, RICHIESTA DI PAGAMENTO

Week in Overview (28 Aug-5 Sep) Technical Summary Apache Ignition Unauthenticated Remote Code Execution Vulnerability CVE-2023-37895 Apache Jackrabbit RMI #RCE Exploitation of MinIO Storage System Vulnerabilities Phishing Campaign Targeting Italian Audience – RICHIESTA DI PAGAMENTO 04/09/2023 QakBot Takedown – Bot Connections


REDMINE Attack Surface

In the rapidly evolving landscape of cybersecurity, understanding the nuances of various vulnerabilities becomes paramount. Two potent threats have been making headlines recently: Cross-Site Scripting (XSS) and CSV Injection. Both exploits differ in their methodologies but share a common objective — compromise system integrity and data security. This article offers insights into these vulnerabilities, their impacts, and the pressing need for robust cybersecurity measures.
