︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎ ︎

CVE-2023-21768 is an interesting Windows kernel vulnerability to study. The bug resided in afd.sys, the Windows Ancillary Function Driver that implements the kernel-side of WinSock. Insufficient validation of a user-supplied pointer in an IOCTL path allowed attackers to build an arbitrary kernel write primitive and elevate privileges to NT AUTHORITY\SYSTEM. It's a solid case study in IOCTL handling, user/kernel boundary validation, and secure kernel programming.

Cloudflare spent 6 weeks chasing a bug in the hyper Rust HTTP library. The fix was 4 lines. 🦀 The symptom: image responses returning HTTP 200 but with truncated data : a 14.9 MB response arriving as 219 KB, no errors logged anywhere. The root cause: a single `let _ =` in hyper's dispatch loop discarding a `Poll::Pending` signal from the flush operation. The socket buffer filled up, flush returned pending, but hyper ignored it and called shutdown anyway, dropping the remaining data silently. What made it so hard to find: → Only happened in production, never with curl → Only triggered for large images under real concurrency → Disappeared when strace was broadened (slowed things just enough to shift timing) → All application-level logs reported success The breakthrough came from strace : kernel-level syscall tracing, which showed shutdown being called after just one write, with 14.8 MB still in the buffer. The bug existed in hyper across multiple major versions (0.14 through 1.8). It was invisible because most readers drain data fast enough that the socket buffer never fills. A new, faster intermediary introduced just enough backpressure to expose it. Fix is now merged upstream in hyperium/hyper PR #4018. A masterclass in debugging async Rust at the systems level. 🔗 https://t.co/yd3RY2mfOf #RustLang #AsyncRust #Hyper #SystemsProgramming #Debugging #OpenSource #Cloudflare

Master full bible of Reverse Engineering and Malware Analysis step by step. A comprehensive, battle-tested roadmap covering: - x86/x64 Assembly - Static & Dynamic Analysis - Packers, Rootkits & Anti-RE techniques - Real-world tools (Ghidra, IDA, x64dbg & more) - AI powered IDE Beginner to expert, Tools, resources, challenges all in one place. Bookmark this, The most complete Reverse Engineering & Malware Analysis Roadmap on GitHub. - https://t.co/RrFwH4mDgf

Wanna learn exploit development and have no idea where to get started? In this beginner friendly tutorial we look at bof! This is a simple buffer overflow that really highlights how these flaws work vs the traditional vanilla overflow. Check out the latest tutorial below: https://t.co/DAbhhQ9Gwj

📱 Android Security & Reverse Engineering YouTube Curriculum This community-curated curriculum brings together hundreds of hours of high-quality Android security research from conferences such as Black Hat, DEF CON, OffensiveCon, CCC, USENIX, ShmooCon, and BSides. Topics cover Android exploitation, reverse engineering, malware analysis, kernel and GPU attacks, baseband security, Bluetooth vulnerabilities, WebView exploitation, mobile forensics, hardware hacking, and supply chain security. Whether you're interested in Android bug hunting, mobile malware research, exploit development, or reverse engineering, this collection provides a structured roadmap from application-level vulnerabilities to advanced hardware and kernel exploitation techniques. 🔗 https://t.co/QsjLk7qcRS #AndroidSecurity #ReverseEngineering #MobileSecurity #MalwareAnalysis #BugBounty

Our course "Windows Legacy & PnP Driver Programming" Get started into writing windows drivers and dive into kernel development. Develop production grade software driver that handles pnp and power management. Course Contents: 🛠️ Windows VM setup and Hello World Driver 🛠️ Exploring DRIVER_OBJECT 🛠️ Creating Devices & Symbolic Links 🛠️ Dispatch Routines 🛠️ IO Request Packet 🛠️ METHOD IO 🛠️ Upper Filter Drivers 🛠️ Creating IRPs 🛠️ Interrupts and IRQL 🛠️ Synchronization Primitives like Spinlock, mutex, semaphore, events etc 🛠️ StartIO 🛠️ Deferred Procedure Call (DPC) 🛠️ Workitem and IRP Queue Draining 🛠️ Cancel Safe Queues 🛠️ Registry Operations 🛠️ Plug n Play Theory 🛠️ AddDevice() 🛠️ Handling PnP IRPs like IRP_MN_START_DEVICE, IRP_MN_STOP_DEVICE, IRP_MN_REMOVE_DEVICE etc. 🛠️ Usermode Asynchronous IOCTL 🛠️ Installing PnP driver with devcon 🛠️ Auto updating PnP driver 🛠️ PnPutil 🛠️ CSQ in PnP driver 🛠️ RemoveLocks 🛠️ Raw & Translated Resources 🛠️ Filter Resource requirements 🛠️ Device Usage Notifications 🛠️ DO_POWER_PAGABLE 🛠️ Power Basics 🛠️ Handling IRP_MN_QUERY_CAPABILITIES 🛠️ Handling IRP_MN_QUERY_POWER, IRP_MN_SET_POWER Price: $99 only Bonus contents: Full code snippets Exclusive access to high quality onenote diagrams in pdf format. Get it at $99 only: https://t.co/QmRLsGEe64 #infosec #cybersecurity #windowsinternals #driverprogramming #hackthebox #tryhackme

Burp Suite Professional costs 475 dollars a year per seat. A senior software engineer in Amsterdam built the open source replacement as a side project. He put it on GitHub for free. It has 10,569 stars. His name is David Stotijn. The software is Hetty. Here is what Hetty is. An HTTP toolkit for security research. A machine-in-the-middle proxy that sits between your browser and the target. Every request and every response flows through Hetty. You can read them, search them, intercept them, edit them, replay them, and send them again. This is the core loop of every web application security test ever performed. Burp Suite charges 475 dollars a year for it. Hetty does the same job for zero. Here is the feature set. A machine-in-the-middle HTTP proxy with full logs and advanced search. An HTTP client for manually creating and editing requests, and replaying any request you already proxied. Request and response interception for manual review, with full edit, send, receive, and cancel control. Scope support to keep your work organized to a single target. A web-based admin interface that runs in your browser. Project-based database storage so multiple engagements stay separate. A GraphQL service for programmatic access. The installer is a single Go binary. Works on macOS, Linux, and Windows. No Java runtime, no enterprise license server, no machine fingerprinting, no telemetry. Here is the price ladder. Burp Suite Professional: 475 dollars a year per seat. Burp Suite Enterprise: thousands per year, contact sales for a quote. Burp Suite Community Edition: free, but throttled, no scanner, no project save, no intruder rate. OWASP ZAP: free and open source, now owned by Checkmarx after a 2024 acquisition. Hetty: zero. Forever. One binary. No account. A pentester working full time pays Burp 475 dollars a year. A team of 10 pentesters pays 4,750 dollars a year. A bug bounty hunter who finds one vulnerability has already paid for Burp twice over. Or they download a 30 MB Go binary written by a freelancer in Amsterdam and keep every dollar they earn. David has not pushed a new commit in 16 months. The last commit was January 13, 2025. That is normal for a tool that is feature-complete. HTTP has not changed. The proxy still proxies. The intercept still intercepts. MIT licensed code does not expire when the maintainer takes a break. Buy a domain. Find a bug. Cash a bounty. PortSwigger took a free industry tool and put it behind a 475 dollar paywall. A freelancer in Amsterdam gave it back. On every platform. For zero dollars. Your proxy. Your binary. Your bounties. (Link in the comments)

If you have always wanted to learn x86 assembly but thought it was too hard, take a look at these links. It is hard, no doubt, but once you learn that there's a logic behind it and that the opcodes weren't arbitrarily chosen, it might become a bit easier. x86 Instruction Encoding ...and the nasty hacks we do in the kernel https://t.co/PyLp6QEKxW Borislav Petkov: x86 instruction encoding and the nasty hacks we do in the kernel https://t.co/SXXk0UQKAJ A Summary of the 80486 Opcodes and Instructions https://t.co/KakN5JB9Hx x86 and amd64 instruction reference https://t.co/wYE5iyDAb2