# SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL Welcome back! As we near the end of 2025, we are, of course, waiting for the next round of SSLVPN exploitation to occur in January (as it did in 2024 and 2025). Weeeeeeeee. Before then, we want to […]

Throughout 2025, we conducted and published several reports related to our research on the Silver Fox APT. In some of them (for example, here), the threat actor delivered the well-known **ValleyRAT backdoor**, also referred to as **Winos** or **Winos4.0**, as the final stage. Since this malware family is widely used, modular, and often associated with […]

Gerne unterstütze ich Sie als Freelancer bei der Erarbeitung und Durchführung maßgeschneiderter Workshops und Trainings: In einer Zeit, in der durch _Vibe-Coding_ Proof-of-Concept-Anwendungen nur wenige Prompts entfernt sind, ist es essenziell, dass Mitarbeitende in Unternehmen regelmäßig geschult werden, um ein Bewusstsein für IT-Sicherheit zu schaffen und dieses aufrechtzuerhalten. Hierbei biete […]

# Designing a Passive LiDAR Detector Device – Hardware At DEF CON 32, Samy Kamkar gave a talk about laser microphones. That was the only talk I made a point to watch live that year. Kamkar never disappoints and I have fond memories of trying to use a laser pointer […]

# The Normalization of Deviance in AI The AI industry risks repeating the same cultural failures that contributed to the Space Shuttle Challenger disaster: Quietly normalizing warning signs while progress marches forward. The original term **Normalization of Deviance** comes from the American sociologist Diane Vaughan, who describes it as the […]

Hacking Lab Hacking Lab Home People Publications CVEs Contact Light Dark Automatic RTCon: Context-Adaptive Function-Level Fuzzing for RTOS Kernels (to appear) Eunkyu Lee , JunYoung Park , Insu Yun February 2026 Cite Publication Proceedings of the 2026 Annual Network and Distributed System Security Symposium (NDSS) Cite ×Copy Download

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. You can email the site owner […]

By: Dikla Barda, Roman Zaikin, and Oded Vanunu On November 30, 2025, Check Point Research detected a critical exploit targeting Yearn Finance’s yETH pool on Ethereum. Within hours, approximately $9 million was stolen from the protocol. The attacker achieved this by minting an astronomical number of tokens—235 septillion yETH (a […]

### The challenge https://www.turb0.one/pages/Challenge_Two:_Stranger_XSS.html We are given a frameable target page on this address `https://www.turb0.one/files/9187cc52-fd4d-49c6-a336-0ce8b5139394/xsschal2minimal/inner.html`. The page loads three scripts “` “` ### Summary – We can use object recursion to have an assignment of an attribute overwrite itself – We can bypass CSP by writing a payload into the […]

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. You can email the site owner […]