■■■□□ Metamorphic Code Example (Malware Mutation). https://stackoverflow.com/questions/10113254/metamorphic-code-examples
All posts by John Doe
May 17, 2025 at 11:32AM
■■■■■ Writing a Self-Mutating Malware. https://0x00sec.org/t/writing-a-self-mutating-malware/40213/2
May 17, 2025 at 11:01AM
■■■■■ Litterbox: Sandbox approach for malware developers and red teamers to test payloads against detection mechanisms before deployment. https://github.com/BlackSnufkin/LitterBox
May 16, 2025 at 08:10PM
■■■□□ Google says hackers behind UK retail cyber campaign now also targeting US. https://therecord.media/scattered-spider-suspected-retail-hackers-google-alert
May 16, 2025 at 03:51PM
■■□□□ DEFCON32 Exploiting insecure OTA updates to create the worlds first toothbrush Botnet. The author dumped the firmware and discovered that the toothbrush tries to connect to a specific Wi-Fi network with the password “12345678” to search for updates. Now, they can connect to other toothbrushes.
May 16, 2025 at 08:45AM
■■■■■ The RoKRAT family typically uses 3 cloud-based API services and tokens. Analysis of APT37 Attack Case Disguised as a Think Tank for National Security Strategy in South Korea (Operation. ToyBox Story) ◈ Executive Summary Disguised the content as an academic forum invitation from a South Korean national security think tank to attract attention Lured…
May 15, 2025 at 06:43PM
■■■■□ A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET. https://thehackernews.com/2025/05/russia-linked-apt28-exploited-mdaemon.html
May 15, 2025 at 06:29PM
■■■■■ World’s first CPU-level ransomware can “bypass every freaking traditional technology we have out there” — new firmware-based attacks could usher in new era of unavoidable ransomware. https://www.tomshardware.com/pc-components/cpus/worlds-first-cpu-level-ransomware-can-bypass-every-freaking-traditional-technology-we-have-out-there-new-firmware-based-attacks-could-usher-in-new-era-of-unavoidable-ransomware
May 15, 2025 at 05:39AM
■■■□□ A new (more difficult) era for mXSS will come soon! If nothing breaks, Chromium will start escaping “” in attributes starting with M138. https://chromestatus.com/feature/6264983847174144
May 15, 2025 at 03:07AM
■■■■■ Here’s a full technical rewrite of the WhatsApp vs. NSO Group spyware case, focusing on CVE-2019-3568, its exploitation logic, and WhatsApp’s patch implementation: CVE-2019-3568 – WhatsApp VoIP Stack RCE Exploit Summary CVE-ID: CVE-2019-3568 Vulnerability Type: Memory corruption – heap-based buffer overflow Attack Vector: Remote, via malformed RTCP (Real-time Transport Control Protocol) packets sent…
