Author

Black & White Path

We are the beacon of the cyber world, a stepping stone on the road to security.

384

Articles

Likes

634

Views

Comments

Latest from Black & White Path

100 recent articles max

Black & White Path

Jun 13, 2026 · Information Security

Patator: A Versatile Password‑Cracking Toolkit for Kali Linux

Patator is a Python‑based brute‑force framework preinstalled in Kali Linux that offers precise success/failure filtering via its -x action system, supports over 36 modules for protocols such as SSH, FTP, HTTP, SMB, and provides advanced features like rate limiting, resume, encoding, and proxy support, making it a powerful alternative to tools like Hydra and Medusa.

Brute ForceCommand-line ToolsKali Linux

0 likes · 20 min read

Patator: A Versatile Password‑Cracking Toolkit for Kali Linux

Black & White Path

Jun 13, 2026 · Information Security

My First Medium‑Severity Vulnerability: Exploiting Leaked Test Accounts in an EduCN Portal

The author describes discovering a medium‑severity information‑leak vulnerability in an educational portal by using a Google dork to locate a file exposing three default test accounts, then logging in with the admin credentials (password 123456) after other attack attempts failed.

Google dorkeducation domaininformation leakage

0 likes · 3 min read

My First Medium‑Severity Vulnerability: Exploiting Leaked Test Accounts in an EduCN Portal

Black & White Path

Jun 13, 2026 · Information Security

GreatXML Attack Shows BitLocker Encryption Can Be Bypassed with Physical Access

GreatXML, a new BitLocker bypass disclosed by researcher Nightmare Eclipse, exploits Windows Defender’s offline scan to gain unrestricted access to encrypted volumes via the recovery partition, requiring only physical access or write rights, and undermines the assumed security of BitLocker‑TPM protection.

BitLockerGreatXMLPhysical Access Attack

0 likes · 6 min read

GreatXML Attack Shows BitLocker Encryption Can Be Bypassed with Physical Access

Black & White Path

Jun 13, 2026 · Information Security

How WinLOLBIN‑GT’s Massive LOLBin Dataset Boosts Blue‑Team Detection

The newly released WinLOLBIN‑GT dataset, containing over 10 million labeled Windows LOLBin behavior events, enables machine‑learning models—such as a Char CNN achieving 99% accuracy—to dramatically improve blue‑team detection, reduce false positives, and support SOC, EDR, and threat‑hunting workflows.

LOLBinSIEMbehavioral dataset

0 likes · 8 min read

How WinLOLBIN‑GT’s Massive LOLBin Dataset Boosts Blue‑Team Detection

Black & White Path

Jun 12, 2026 · Information Security

How OceanLotus Hijacked Vietnam's Stock App Update Server to Deploy the SPECTRALVIPER Backdoor

ESET uncovered a six‑month supply‑chain poisoning campaign in which the OceanLotus APT group compromised the FireAnt Metakit update server, delivered a malicious SPECTRALVIPER backdoor to Vietnamese investors, and highlighted critical flaws in unsigned software updates.

FireAnt MetakitMalware AnalysisOceanLotus

0 likes · 8 min read

How OceanLotus Hijacked Vietnam's Stock App Update Server to Deploy the SPECTRALVIPER Backdoor

Black & White Path

Jun 12, 2026 · Information Security

How Skills and MCP Influence AI‑Driven Vulnerability Discovery

The article reviews two recent posts on AI‑assisted security testing, explains how Skills can limit large‑model performance, argues that MCP provides richer tooling, and shares a practical Burp MCP workflow with code snippets for traffic analysis in vulnerability research.

AI AgentBurp SuiteMCP

0 likes · 6 min read

How Skills and MCP Influence AI‑Driven Vulnerability Discovery

Black & White Path

Jun 12, 2026 · Information Security

TikTok ‘Free Spotify’ Scam Uses ClickFix to Deploy Vidar Malware on DevOps

A recent campaign on TikTok and Instagram Reels uses AI‑generated “free Spotify Premium” tutorials to lure developers and operations engineers into running a malicious PowerShell command that silently installs the Vidar infostealer, harvesting browser data, crypto wallets, and critical cloud credentials.

ClickFixCredential TheftPhishing

0 likes · 9 min read

TikTok ‘Free Spotify’ Scam Uses ClickFix to Deploy Vidar Malware on DevOps

Black & White Path

Jun 12, 2026 · Information Security

Why Microsoft Shut Down Nearly 100 Open‑Source Repos Over AI Supply‑Chain Poisoning

Microsoft disabled 73 GitHub repositories—including Azure Functions, Durable Task, and AI sample projects—after researchers uncovered malicious commits that steal user credentials when opened in AI coding tools, an attack linked to the TeamPCP group.

AI Code ToolsGitHubMicrosoft

0 likes · 4 min read

Why Microsoft Shut Down Nearly 100 Open‑Source Repos Over AI Supply‑Chain Poisoning

Black & White Path

Jun 12, 2026 · Information Security

Claude Fable 5 Jailbreak: 120k Prompt Leak, Stack‑Overflow Exploit and Drug‑Synthesis

Within two days of its release, Anthropic's Claude Fable 5 was jailbroken by a red‑team researcher using a multi‑agent "Pack Hunt" strategy, exposing a 120,000‑character system prompt, generating x86 stack‑overflow exploit code and a Birch reduction drug‑synthesis recipe, and revealing fundamental flaws in its silent‑downgrade security design.

AI securityBirch reductionClaude Fable 5

0 likes · 7 min read

Claude Fable 5 Jailbreak: 120k Prompt Leak, Stack‑Overflow Exploit and Drug‑Synthesis

Black & White Path

Jun 11, 2026 · Information Security

Why the Ghost‑Sender Attack on Microsoft Exchange Is Being Widely Exploited

The Ghost‑Sender flaw lets attackers bypass SPF, DKIM and DMARC by sending spoofed mail directly to Exchange Online's public SMTP endpoint, affecting over half of organizations that use an external mail gateway, and can be mitigated with connector or transport‑rule configurations.

Email SpoofingExchange OnlineGhost-Sender

0 likes · 13 min read

Why the Ghost‑Sender Attack on Microsoft Exchange Is Being Widely Exploited