Vulnerability Research

We are excited to announce the release of Goffloader, a pure Go implementation of an in-memory COFFLoader and PE loader. This tool is designed to facilitate the easy execution of Cobalt Strike ...

Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we ...

The post Patch Tuesday Update - August 2024 appeared first on Digital Defense ...

Overview Praetorian recently performed an assessment of a platform responsible for downloading and building untrusted, user-supplied code. The client was concerned about the possibility of attackers leveraging this process to compromise the ...

Overview Nowadays, the convenience of streaming applications on our mobile and web applications has become an integral part of our entertainment experience. However, this experience can come at a cost if we ...

Overview CVE-2019-1166 (“Drop the MIC”) is a tampering vulnerability in Microsoft Windows, specifically targeting the NTLM (NT LAN Manager) authentication protocol. The vulnerability allows a man-in-the-middle attacker to bypass the NTLM Message ...

The post Patch Tuesday Update - July 2024 appeared first on Digital Defense ...

Yesterday, the Qualys Threat Research Unit (TRU) announced an unauthenticated remote code execution in OpenSSH’s sshd server. Cataloged as CVE-2024-6387, the vulnerability is a regression of CVE-2006-5051, hence its nickname: “RegreSSHion”. In ...

The post Patch Tuesday Update - June 2024 appeared first on Digital Defense ...

Overview Recently, we identified several critical Pwn Request vulnerabilities within GitHub Actions used by the Rspack repository. These vulnerabilities could allow an external attacker to submit a malicious pull request, without the ...