We found lacking user privilege separation enforcement and post-authentication command injection remote code execution within Cisco ATA19X firmware.

Today we are introducing Shisho Cloud, a SaaS solution that supports an entire process of improving your infrastructure-as-code security with intelligent autofixes of security issues.Securing Infrastr...

Since 2012, Trail of Bits has helped secure some of the world's most targeted organizations and products. We combine high-­end security research with a real­ world attacker mentality to reduce risk and fortify code.

Israeli businessmen were reportedly targeted by an assassin in Cyprus who was caught. Targeted Israeli businessman Teddy Sagi's company has called the incident Iranian terror.

weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases. - weggli-rs/weggli

Posted in r/netsec by u/davidw_- • 0 points and 1 comment

Today we are excited to announce the release of Fleet 4.4.0 which brings new and improved features for our osquery and Fleet users.

Call Tree Overviewer. Contribute to herosi/CTO development by creating an account on GitHub.

This blog will be a technical deep-dive into CyberArk credential files and how the credentials stored in these files are encrypted and decrypted. I discovered it was possible to reverse engineer the encryption and key generation algorithms and decrypt the…

Posted in r/netsec by u/antfigunio • 163 points and 6 comments

Background This weekend I was doing some HTB machines to prepare for the OSWE certification. One of the recommended machines was Writeup. This machine is vulnerable to CVE-2019-9053 which has a corresponding exploit on Exploit-DB.

First in a four part primer on Static Application Security Testing (SAST). This edition talks about what SAST is and why it's needed.

Posted by Titokhan - 164 votes and 0 comments

Scan installed EDRs and AVs on Windows. Contribute to FourCoreLabs/EDRHunt development by creating an account on GitHub.

keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This would mean that the library…

The Mosque-Cathedral of Córdoba is a chronicle of

Keyboard Warrior, Breaking software is just finding unintended features, right?

Oh relational databases, that tired old relic of another age. Codd and friends were great in their time, but serious software engineers need to move on. People building Web Scale™ software You’ve probably heard a similar sentiment at some point. That relational…