Cybersecurity firm providing offensive and defensive security solutions, research, and software to protect applications and infrastructure.
Kubernetes focused container assessment and context discovery tool for penetration testing
SOCKS5 proxy tool that uses Azure Storage services as a means of communication.
PASTIS: Collaborative Fuzzing Framework
Reverse-engineering tools and exploits for Samsung's implementation of TrustZone
qb-sync is an open source tool to add some helpful glue between IDA Pro and Windbg. Its core feature is to d…
Did you hear about Optical Line Terminals? ISPs rely on them to build their service networks, but what if they're vulnerable? Here @coiffeur0x90 shows how attackers could compromise entire ISPs by exploiting them and cloud-based fleet management…
A hands-on look at Microsoft’s Independent Guest Virtual Machine (IGVM) format inside OpenHCL’s `openhcl.bin`. We unpack the fixed header, variable headers, data layout, and how IGVM measurement supports Confidential Computing with SEV-SNP and…
Paramiko is a pure-Python implementation of SSHv2. Recently, we worked with the Paramiko team on a security audit sponsored by @OSTIFofficial 🙏 Read a summary of our findings and find the full report here: https://blog.quarkslab.com/paramiko-security-audit.html
Do you know how Entra ID applications work? What about the security mess they can bring and what they can quietly break? New blog post on Entra ID application permissions, the audit nightmare they create, and QAZPT, our OSS tool built to make sense of…
