whysoserial-cpp is a robust C++ implementation of Java object serialization, specifically designed for generating malicious payloads. Unlike its Java counterpart, ysoserial, this C++ tool focuses on "weaponizing" serialization capabilities to exploit vulnerabilities in Java Virtual Machine (JVM) environments. As an advanced Proof of Concept (PoC), whysoserial-cpp enables security professionals to create and manipulate serialized object streams for security assessment and penetration testing purposes.

The JennyLab Subjectivity-IA project is an open-source initiative (test investigation) that explores how to calculate subjectivity without relying on machine learning models. Its goal is to offer a deterministic and explainable approach to decision analysis, especially in contexts where risks and needs must be evaluated.

A race condition vulnerability exists in Uber Eats' order processing and payment confirmation management, particularly when platform features that extend the transaction lifecycle are utilized (e.g., complex promotions, orders from multiple establishments). By exploiting a payment method susceptible to a race condition (where funds can be withdrawn after initial authorization but before final capture) during this extended time window, it's possible for Uber Eats to confirm and process an order based on temporary payment approval. Subsequently, the actual payment fails when the payment processor attempts to capture the funds, but by then, Uber Eats may have already incurred costs or even completed the delivery, resulting in financial loss.

https://github.com/h0ffy/JDomRev

Public repository of public code on GitHub for the initial implementation tests of the Perceptron in C++. Soon, I will make more commits with the implementation reduced to C. Afterwards, I will explore libraries, frameworks, and tools in C/C++ for AI development, and look for optimization possibilities using AVX, MMX, SSE, SIMD, etc., with NASM, MASM, and/or C Inline Assembly.

My glossary is just a list of word to avoid code break in translation process from English to Spanish. I've publish inna GitHub: ("https://github.com/JennyLab/JennyGlossarySpanishLang").

A recently identified malware campaign demonstrates a noteworthy discrepancy between the sophistication of its distribution vector and the relative simplicity of its final payload. Although the malware itself appears rudimentary compressed ZIP file requiring user actions to disable antivirus its deployment strategy is alarmingly refined. The threat actors have fabricated a convincing Google Colab download interface and Reddit like a portal to lure victims into trusting and executing the malicious file.

In this document, we will explore how to use VBA (Visual Basic for Applications) and VBScript to automate tasks and manipulate Word documents. These scripting languages are powerful tools for developers and IT professionals seeking to automate repetitive processes and increase efficiency in document management. Moreover, we will delve into scenarios related to Red Team and security testing, demonstrating how these technologies can be used both legitimately and, eventually, in threat-simulation contexts.

I uncovered a malicious OCR app in the Microsoft Store, linked to organized campaigns from China targeting developers. These threats use tools like fake VSCode extensions to steal credentials, compromise projects, and create system backdoors. Vigilance and measures like pre-scan tools and regular audits are vital, even on trusted platforms.

Over four years ago, at JennyLab, we identified a previously unknown zero-day vulnerability in Immunity Debugger, which has remained unreported to this day. This critical security flaw enables arbitrary code execution, allowing an attacker to run a binary without triggering Immunity Debugger’s debugging mode.