[Updated 20250331] Centrality: how we actually perceive the severity of a bug

Info Updates: After giving the topic a second thought and reorganizing the materials, I had a sharing session with my teammates and decided to update this article accordingly. Updates include more suitable examples and graphics. Info Updates 2: It has been revised again and published as a preprint. You can now see it at https://arxiv.org/abs/2503.17813 or https://katsuragicsl.github.io/papers/connectedness/ An empty business lingo or a good quantification? We hope to, and probably need to, quantify the severity of security bugs....

February 23, 2025 · updated March 31, 2025 · 7 min ·  security

Unity Game Reversing(1): Setup

Introduction Recently I have been trying to reverse engineer a simple Windows desktop game made with Unity. I took a look at some references but found that the setup can be a bit frustrating. This post attempts to make the setup clearer and easier to follow. Reference links are listed below. Tools Our target is to decompile and debug the Assembly-CSharp.dll inside the folder <game root folder>\<GAME_NAME>_Data\Managed\, which contains the custom code the game developer wrote, not the code of Unity or other frameworks....

April 17, 2023 · updated February 23, 2025 · 2 min ·  security

LOTS Project - PayPal

Introduction The LOTS project, founded by mrd0x, is a collection of websites which are likely to be trusted but can be used to evade detection when conducting phishing, C&C, exfiltration and downloading tools. In this post I will introduce a way to abuse PayPal and will hopefully contribute to the LOTS project. This series is (intentively) for my ideas on novel exfiltration/C&C channels. Exfiltration by PayPal In PayPal, one can dispute an order and upload his/her evidence....

October 2, 2022 · updated February 23, 2025 · 1 min ·  security

Prisma Cloud Defenders

Tl;dr - unfixed information disclosure in Prisma Cloud defenders This post is about how to abuse an agent of a cloud security solution to get information which you should not know, like what security controls are applied, what assets the victim owns and the owners of the assets. Introduction A few months ago I was examining the Prisma Cloud configuration of my workplace and accidentally discovered an information disclosure issue in the Prisma Cloud defender (the agent)....

July 20, 2022 · updated August 3, 2022 · 2 min ·  security