Coding

Harness the woolly beast! Identifying critical data in code with Llama

Date: 04/08/2025

This article discusses three topics: (1) why should AppSec engineers closely monitor sensitive data contained in their products; (2) how to extract the structure of transmitted data from the service code; and (3) how to assess severity for particular fields in found objects in accordance with predefined rules (or how to ask a local open-source LLM model to assess such data for you).

Read full article →

Assembly Programming for Beginners

Date: 26/07/2025

Author: Dmitry Andrienko

What is programming in its essence, independent of any specific language? The variety of answers is astounding. The most common definition you’ll hear is that programming is the creation of instructions or commands for a machine to sequentially execute in order to solve a particular problem.

Read full article →

Shattered gem. Architecture of Ruby applications and their reverse-engineering

Date: 25/07/2025

Author: JaboHack

This article discusses the Ruby programming language and reverse-engineering of applications written in it. You will get familiar with useful research tools, learn distinctive features of such programs, and discover a simple way to debug them.

Read full article →

Anger management. Welcome to Angr, a symbolic emulation framework

Date: 30/06/2025

Author: mr.grogrig

Angr is an unbelievably powerful emulator. This crossplatform tool supports all most popular architectures; using it, you can search for vulnerabilities both in PE32 on Linux and in router firmware on Windows. Let’s examine this binary analysis framework in more detail using Linux as an example.

Read full article →

Puzzle solving. Writing custom JavaScript deobfuscator

Date: 17/06/2025

Author: JaboHack

Today, I am going to demonstrate that JavaScript obfuscation can be removed even in situations when sophisticated deobfuscators are useless. You will learn an effective research technique that can be applied to obfuscated code and write your own deobfuscator.

Read full article →

Multistep SQL injection attacks: Operating principle and impact

Date: 13/06/2025

Author: N3tn1la

SQL injections (SQLi) are among the most popular vulnerabilities in the pentesting community. Too bad, such attacks are increasingly rare nowadays since modern security tools easily detect them. By contrast, an injection triggered when data transfer occurs between services is much more difficult to detect. This article discusses SQLi that are triggered not immediately, but somewhere in the middle of business logic.

Read full article →

Python via Telegram! Writing five simple Telegram bots in Python

Date: 02/06/2025

Author: Ivan Saraev

In this article, we are implementing a simple but extremely useful project in Python — a bot for Telegram. Bots are small scripts that can interact with the API to receive messages from the user and send information to different chats and channels.

Read full article →