Automating String Decryption and Other Reverse Engineering Tasks in radare2 With r2pipe https://www.sentinelone.com/labs/automating-string-decryption-and-other-reverse-engineering-tasks-in-radare2-with-r2pipe/

Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks https://github.com/Cr4sh/SmmBackdoorNg

LogoFAIL attack: using image files to attack computers https://www.kaspersky.com/blog/logofail-uefi-vulnerabilities/50160/

Randstorm: You Can’t Patch a House of Cards (BitcoinJS) https://www.unciphered.com/blog/randstorm-you-cant-patch-a-house-of-cards

The new In-The-Wild Google Chrome Heap buffer overflow in WebP (CVE-2023-4863) is due to an out-of-bounds write vulnerability within the "BuildHuffmanTable" function https://chromium.googlesource.com/webm/libwebp.git/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76

Offensive Lua: collection of offensive security scripts written in Lua https://github.com/hackerhouse-opensource/OffensiveLua

Typical vulnerabilities in Proof of Stake protocols https://blog.decurity.io/typical-vulnerabilities-in-lsd-protocols-e52ffe4ee175

NOSTR Encrypted Payloads for Private Communications https://github.com/nostr-protocol/nips/blob/master/44.md

Unmasking the Dark Art of Vectored Exception Handling: Bypassing XDR and EDR in the Evolving CyberThreat Landscape https://www.slideshare.net/slideshow/embed_code/key/4BSm2z8iTWxbnG

threat9/routersploit: Exploitation Framework for Embedded Devices https://github.com/threat9/routersploit

How Hackers Exploit Vulnerable Drivers https://youtu.be/ELVdDwvELKY?feature=shared

StripedFly: Perennially flying under the radar https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/?utm_source=twitter&utm_medium=social&utm_campaign=gl_SAS-JE_je0066&utm_content=link&utm_term=gl_twitter_organic_izosxwds3vx

BitVM: Any arbitrary computation can now be verified on Bitcoin, with no softfork necessary, in a challenge-response based protocol that can be enforced on-chain. https://bitcoinmagazine.com/technical/the-big-deal-with-bitvm-arbitrary-computation-now-possible-on-bitcoin-without-a-fork

Present and Future of LLMs in Software Security https://moyix.net/~moyix/LLMs_SoftwareSecurity_CSAW.pdf

Typical vulnerabilities in Proof of Stake protocols https://blog.decurity.io/typical-vulnerabilities-in-lsd-protocols-e52ffe4ee175

POC for Apache ActiveMQ CVE-2023-46604 https://github.com/X1r0z/ActiveMQ-RCE

Cobalt Strike 4.5-4.9 Yara Detection https://github.com/paranoidninja/Cobaltstrike-Detection/blob/main/cs49.yara

Opensea (Seaport) Exploit Details: Check if your address is affected https://revoketokens.io/exploits/opensea-11-14/

SHA-1 gets SHAttered https://evervault.com/blog/sha-1-gets-shattered

The issue with ATS in Apple’s macOS and iOS https://blog.trailofbits.com/2023/10/30/the-issue-with-ats-in-apples-macos-and-ios/