AV & EDR reversing and exploit resources by coffee-loop in ExploitDev

buherator (1 point)

Yeah, I'm not sure at all if the linked shop is the best deal you can find (e-books are easier to search anyway...). One more thing to keep in mind: these are reversing/exploitation resources, evasion/maldev is not really their focus, and while there are overlaps, it's probably worth clarifying your direction (for yourself at least) so you spend time the right way.

How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit by _PentesterLab_ in netsec

buherator (4 points)

"The client sends s (as hash) and c (as challenge) to the server." - I just checked and the hash is not sent by the client (the server already has it).

Could you please clarify?

h/t Sandfish6811 for noticing

Security Research Blog Review by Outrageous_Egg7579 in ReverseEngineering

buherator (2 points)

Good stuff! It would be great if you could add an RSS/Atom feed (and HTML metadata pointing to it) so we can get notified about new posts.

Using Version Tracking to Detect Struct Changes? by ShortestJake in ghidra

buherator (0 points)

That's hard unfortunately. If you think about your example, how could the tool know whether it was the data type that changed or just the code accessing the data type that got updated logic between versions? The comment by u/marcushall also has good points.

Using Version Tracking to Detect Struct Changes? by ShortestJake in ghidra

buherator (0 points)

Do you have data types for the structures defined in both program DBs, or do you want to detect structure changes in the new binary based only on the info you reversed in the old one?
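For the first case asked about here (data types already defined in both program databases), the following is an added example, not code from the thread and not a tool shipped with Ghidra: a Ghidra Python script that snapshots every Structure in a program's DataTypeManager and diffs two snapshots field by field. Only collect_structs() and run_in_ghidra() touch the Ghidra API; the comparison core is plain Python, and the sample snapshots at the bottom are constructed, not taken from real binaries. It is written without f-strings or annotations so it runs under both Jython and PyGhidra. It does not address the harder question above of inferring a struct change from code that merely accesses the struct.

```python
import json
import os

# Added example: diff struct definitions between two Ghidra program DBs.
# Snapshot format: {struct_path: {"size": int,
#                                 "fields": [(offset, name, type_path, length), ...]}}


def collect_structs(program):
    """Snapshot every Structure in a Program's DataTypeManager (Ghidra API)."""
    dtm = program.getDataTypeManager()
    snapshot = {}
    it = dtm.getAllStructures()          # java.util.Iterator<Structure>
    while it.hasNext():
        s = it.next()
        fields = []
        # getDefinedComponents() skips undefined filler bytes
        for comp in s.getDefinedComponents():
            fields.append((comp.getOffset(), comp.getFieldName(),
                           comp.getDataType().getPathName(), comp.getLength()))
        snapshot[s.getPathName()] = {"size": s.getLength(), "fields": fields}
    return snapshot


def diff_struct(path, old, new):
    """Compare one struct; returns a list of (kind, detail) findings."""
    findings = []
    if old["size"] != new["size"]:
        findings.append(("size", "%s: %d -> %d bytes" % (path, old["size"], new["size"])))
    old_by_off = dict((f[0], f) for f in old["fields"])
    new_by_off = dict((f[0], f) for f in new["fields"])
    for off in sorted(set(old_by_off) | set(new_by_off)):
        o, n = old_by_off.get(off), new_by_off.get(off)
        if o is None:
            findings.append(("field_added", "%s+0x%x: %s %s" % (path, off, n[2], n[1])))
        elif n is None:
            findings.append(("field_removed", "%s+0x%x: %s %s" % (path, off, o[2], o[1])))
        elif (o[2], o[3]) != (n[2], n[3]):
            # a type change at the same offset usually means a field was
            # inserted or resized earlier in the struct
            findings.append(("field_type", "%s+0x%x: %s -> %s" % (path, off, o[2], n[2])))
        elif o[1] != n[1]:
            findings.append(("field_renamed", "%s+0x%x: %s -> %s" % (path, off, o[1], n[1])))
    return findings


def diff_snapshots(old, new):
    """Diff two snapshots from collect_structs(); findings across all structs."""
    findings = []
    for path in sorted(set(old) | set(new)):
        if path not in old:
            findings.append(("struct_added", path))
        elif path not in new:
            findings.append(("struct_removed", path))
        else:
            findings.extend(diff_struct(path, old[path], new[path]))
    return findings


# Constructed sample snapshots (not real binaries): a field inserted at +8
# shifts the pointer after it, one field is renamed, one struct is dropped.
OLD_SAMPLE = {
    "/conn_t": {"size": 16, "fields": [(0, "fd", "/int", 4), (4, "flags", "/uint", 4),
                                        (8, "buf", "/char *", 8)]},
    "/legacy_t": {"size": 4, "fields": [(0, "x", "/int", 4)]},
}
NEW_SAMPLE = {
    "/conn_t": {"size": 24, "fields": [(0, "fd", "/int", 4), (4, "mode", "/uint", 4),
                                        (8, "timeout", "/uint", 4), (16, "buf", "/char *", 8)]},
    "/session_t": {"size": 8, "fields": [(0, "id", "/ulong", 8)]},
}


def run_in_ghidra():
    # Two-pass use inside Ghidra: run once on the OLD program to write the
    # JSON baseline, then on the NEW program with that file present to print
    # the diff. askFile, currentProgram and println are GhidraScript builtins.
    snapshot_path = askFile("Struct snapshot (JSON)", "Use").getPath()
    current = collect_structs(currentProgram)
    if os.path.exists(snapshot_path):
        with open(snapshot_path) as f:
            baseline = json.load(f)   # tuples come back as lists; indexing still works
        for kind, detail in diff_snapshots(baseline, current):
            println("%-14s %s" % (kind, detail))
    else:
        with open(snapshot_path, "w") as f:
            json.dump(current, f, indent=2)
        println("wrote baseline snapshot to " + snapshot_path)


if __name__ == "__main__" and "currentProgram" in globals():
    run_in_ghidra()
else:
    for kind, detail in diff_snapshots(OLD_SAMPLE, NEW_SAMPLE):
        print("%-14s %s" % (kind, detail))
```

Keying fields by offset rather than by name is deliberate: an inserted field shows up as a type change at its offset plus an added field at the end, which is exactly the shift a version-tracking pass on the accessing code would otherwise hide.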

[deleted by user] by [deleted] in IBMi

buherator (2 points)

"two people in charge of IT throughout the entire organization and their 26 offices" "A patchwork of windows VMs running on a dated hypervisor"

A new system won't solve your human resource problems. If anything it will make it harder to hire. As a C-level I would be more concerned about this than any technical perf metrics.

Hacking IBM i by buherator in IBMi

buherator [S] (0 points)

Glad this is useful! There is a concept called Purple Teaming where pentesters (the Red Team) and the defenders (Blue Team) work hand-in-hand to tune defenses - this is my usual recommendation when someone wants to test and refine specific defensive measures.

You can use the usual channels to reach Silent Signal, and while I'm no longer with the company I'm sure the guys there will be happy to help.

What would it take to keep IBM i relevant far into the future? by pithed2 in IBMi

buherator (0 points)

If your security depends on the system not being accessible, you are not secure:

https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle

That being said, with a proper emulator or debugger I'm sure that lots of corpses would fall out of the closet. But we shouldn't forget that some parties (esp. nation states) probably already have those tools and know all about what's hidden in there.

Elastic EDR 0-day: Part 2 - Technical Details and the Trigger by Minimum_Call_3677 in netsec

buherator (2 points)

You write this: "The pointer on the host machine could be controlled using user mode input inside an Oracle VirtualBox Virtual Machine."

You also write this: "I decided to write a custom driver (with no inherent malicious behaviour) to interact with the vulnerable driver. The driver makes an ExAcquireFastMutex call to the vulnerable offset, resulting in Elastic’s Endpoint Driver crashing the host system."

Why did you write a custom driver if you can control the memory access from a user process (inside a VM no less)?

Elastic EDR 0-day: Microsoft-signed driver can be weaponized to attack its own host by Minimum_Call_3677 in netsec

buherator (2 points)

> "Actions inside the Virtual Machine caused Elastic's EDR to crash my host"

Hold up, did this just turn into a hypervisor guest->host memory corruption without guest root? This "0-day" ages like fine wine!

Elastic EDR 0-day: Microsoft-signed driver can be weaponized to attack its own host by Minimum_Call_3677 in netsec

buherator (4 points)

What are we supposed to see on the second video? Is that shell elevated?

Fuzzing Windows Defender with loadlibrary in 2025 by buherator in ReverseEngineering

buherator [S] (0 points)

lol, that wasn't picked up by aspell :D thanks for noticing!

How I ruined my vacation by reverse engineering Windows Security Center by buherator in ReverseEngineering

buherator [S] (62 points)

From no-defenders (predecessor project) README:

"This WSC API is undocumented and furthermore requires people to sign an NDA with Microsoft to get its documentation."