Offensive Tool Development - The Shellcode Compiler Was Right There All Along... (Part 1) https://sh3llsp4wn.github.io/Shellcode-With-The-Default-Linux-Toolchain/

CoFuzz: Coordinated hybrid fuzzing framework with advanced coordination mode https://github.com/Tricker-z/CoFuzz

POSTDump: Another tool to perform minidump of LSASS process using few technics to avoid detection. https://github.com/YOLOP0wn/POSTDump

NetNTLMv1 Downgrade to compromise https://www.r-tec.net/r-tec-blog-netntlmv1-downgrade-to-compromise.html

NixImports - A .NET Malware Loader, Using API-Hashing To Evade Static Analysis https://www.kitploit.com/2023/08/niximports-net-malware-loader-using-api.html?m=1

SandBlaster: Reversing the Apple sandbox from Cellubrite Labs https://github.com/cellebrite-labs/sandblaster

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/

Introducing Python in Excel: The Best of Both Worlds for Data Analysis and Visualization https://techcommunity.microsoft.com/t5/microsoft-365-blog/introducing-python-in-excel-the-best-of-both-worlds-for-data/ba-p/3905482

dtlspipes: Generic DTLS wrapper for UDP sessions https://github.com/Snawoot/dtlspipe

The Vulnerability of Zero Trust: Lessons from the Storm 0558 Hack https://thehackernews.com/2023/08/the-vulnerability-of-zero-trust-lessons.html?m=1

TunnelCrack is a combination of two widespread security vulnerabilities in VPNs https://tunnelcrack.mathyvanhoef.com/

Vulnerability allows an attacker to extract a full private key from a wallet implementing Lindell17 2PC protocol, by extracting a single bit in every signature attempt (256 in total) https://www.fireblocks.com/blog/lindell17-abort-vulnerability-technical-report/

Knocking on Hell's Gate - EDR Evasion Through Direct Syscalls https://labs.en1gma.co/malwaredevelopment/evasion/security/2023/08/14/syscalls.html

FISC Rules That [REDACTED] Is Not Subject to FISA 702 for One of Its Services https://www.emptywheel.net/2023/08/27/fisc-rules-that-redacted-is-not-subject-to-fisa-702-for-one-of-its-services/

Exploit Equivalence Classes https://blog.isosceles.com/exploit-equivalence-classes/

GenSym: high-performance, parallel, compilation-based symbolic execution engine https://github.com/Generative-Program-Analysis/GenSym

AD_Enumeration_Hunt - Collection Of PowerShell Scripts And Commands That Can Be Used For Active Directory (AD) Penetration Testing And Security Assessment https://www.kitploit.com/2023/08/adenumerationhunt-collection-of.html?m=1

Widespread file exposure possible with Western Digital, Synology NAS flaws https://www.scmagazine.com/brief/widespread-file-exposure-possible-with-western-digital-synology-nas-flaws

Google details 0-click bug in Pixel 6 modem: Advises users to disable 2G https://www.scmagazine.com/news/google-details-0-click-bug-in-pixel-6-modem-advises-users-to-disable-2g

Flax Typhoon using legitimate software to quietly access Taiwanese organizations https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations/