New Writeup: Malware deep dive into Zero2Automated Cruloader, a 3-stage malware using RC4 XOR encryption, API hashing via custom ROT13/CRC32, and process hollowing into svchost.exe. #MalwareAnalysis #ReverseEngineering notes.secure77.de/WriteUps/Z…

Don't want to implement your own authentication and access control in your app? You don't have to, I've published a new blog post that deals with the topic of authentication and file access control with authentik for Perlite: secure77.de/perlite-access-c…

#StrelaStealer: My honeypot is being hit with my disclosed login details. Over the past 72 hours, I have logged more than 89000 login attempts from 2500 different IP addresses. They fetching metadata from emails newer then 07.02.2026 secure77.de/strelastealer-20…

StrelaStealer 2026 variant, this is my fist blog post about malware 👀 secure77.de/strelastealer-20…

New Perlite Release 1.6.1 github.com/secure-77/Perlite…

Ready for takeoff? 🚀 Prepare for the brand-new pieces of content coming to the #HackTheBox platforms this week! 🔴 Atlas, a migrated #Vulnlab Machine created by xct 🔴 Bruno, a migrated #Vulnlab Machine created by xct 🔵 SillyEli, a Sherlock created by GuyEldad95 & Roey 🔴 Global Hyperlink Zone, a Challenge created by DCryp7 🔴 Conversor, an HTB Seasons Machine created by FisMatHack Get started now on #HTB Labs and Enterprise Platform: okt.to/5NuP2w #Cybersecurity #InformationSecurity #NewRelease #Hacking #CyberSkills

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-global…

New Release of Perlite is out now! Version 1.6 now supports pretty URLs 🥳 github.com/secure-77/Perlite…

I have published a new blog post describing several vulnerabilities that can be chained to get unauthorized RCE in Smart Time Plus < 8.6. secure77.de/smart-time-plus-…

New Perlite version 1.5.9 is out, you can get it from github.com/secure-77/Perlite…

new blogpost time!! this one's a fun writeup on a vulnerability chain i found across multiple google services that earned me a $4133.70 bounty lots of fun css as usual! i had to recreate a bunch of drive/docs/gmail/youtube UIs c: have fun! lyra.horse/blog/2024/09/usin…

#FakePotato (CVE-2024-38100) post is out! Check out the short write-up on this unexpected vulnerability 😅 decoder.cloud/2024/08/02/the…

First day at Crowdstrike, pushed a little update and taking the afternoon off ✌️

I played a little bit with unity engine android games and published a new blog post secure77.de/how-to-patch-a-a…

#x33fcon hacker pirate ship 2024. Ahoy sea wolves! It was a great pleasure to fish and hunt with you :)

Best crowd ever 🤩⛵️🏴‍☠️

On our way back to Gdynia #x33fcon #hacker #pirates

On the way to @x33fcon 😀👻

Excited to announce our new blog post on new event handlers to trigger XSS! Huge thanks to @bojanz for making this happen and to @PortSwiggerRes for their awesome XSS cheat sheet, now featuring these techniques. infigo.hr/en/insights/46/int…