Indecent Exposure: Your Secrets are Showing
by moth Hard-coded cryptographic secrets? In my commercially purchased, closed-source software? It’s more likely than you think. Like, a lot more likely. This blog post details a true story of […]
moth
Auditd Field Spoofing: Now You Auditd Me, Now You Auditdon’t
moth // Introduction One fateful night in June of 2022, Ethan sent a message to the crew: “Anyone know ways to fool Auditd on Linux? I’m trying to figure out how to change the auid (audit […]
Exploit Development – A Sincere Form of Flattery
moth // Recently, BHIS penetration tester Dale Hobbs was on an Internal Network Penetration Test and came across an RPC-based arbitrary command execution vulnerability in his vulnerability scan results. I […]
Now That’s What I Call ADHD! 4
moth & James Marrs // Introduction After a month of hard work, Python headaches, dependency hell, and a bit of tool necromancy, ADHD4 is here and we’re thrilled to share […]