2nd in a 4-part primer on Static Application Security Testing (SAST). This edition gives you an overview of what SAST tools look like under the hood.

In this blog, Cymulate's Research Lab shares how to compromise a domain with the help of a spooler.

Posted in r/netsec by u/mdulin2 • 19 points and 2 comments

Posted in r/netsec by u/dontbenebby • 6 points and 5 comments

Posted in r/RTLSDR by u/-Alchem1st- • 217 points and 53 comments

Posted in r/netsec by u/binaryfor • 1 point and 0 comments

At the beginning of October, Apache released version 2.4.49 to fix a Path Traversal and Remote Code Execution vulnerability and then 2.4.50 to address the fact that the fix was incomplete. We’ve built a mission to demonstrate the risks in a real-life environment.…

Microsoft in an attempt to provide more flexibility to domain users enabled owner of resources to configure which accounts are trusted and allowed to delegate to them. This is achieved by modificat…

During a recent malware incident response case, we encountered an interesting piece of ransomware that goes by the name of BlackByte.

part 1 of this post, we showed how to train a Neural Network to generate the exact sequence of a relatively simple pseudo-random number generator (PRNG), namely xorshift128. In that PRNG, each number is totally dependent on the last four generated numbers…

Available Labs Coming Soon Labs Get All-Inclusive Access Get lifetime access and benefit from the new updates and features. GET ACCESS TODAY!

Ready to use prioritized Security Information and Event Management requirements, to: Develop experience managing security information and event management

Intro Towards the end of July, we observed an intrusion that began with IcedID malware and ended in XingLocker ransomware, a Mountlocker variant. XingLocker made its first appearance in early May o…

Microservices architectures are the dominant force in today’s software engineering realm, but how do they stack up at providing permissions strategies?

GoSecure ethical hackers found a bug in MySQL that left AWS WAF users vulnerable to SQL injection. Our team further confirmed modsecurity to be affected.

An analysis of current and potential kernel security mitigations Posted by Jann Horn, Project Zero Introduction This blog post de...

Coercing elevated accounts such as machine accounts to authenticate to a host under the control of an attacker can provide an opportunity for privilege escalation and domain escalation. There are v…

Security research team discloses vulnerability in open-src web server software. Learn which ver are vulnerable & how to check if the CVE is exploitable in your software