Scanning 1.7 million Australian domains and finding 1.62 million SPF & DMARC email security issues.

One student sent us an email and asked “why most of websites implements a session id that seems to be a content hashed?”. Well, it’s important to discuss at this time why protecting session id must be done, and how it is evolved.
The obligatory disclaimer:…

Little words about me

Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration - GitHub - firefart/hijagger: Checks all maintainers of all NPM and Pypi packages for hija...

This blog post explains three vulnerabilities detected in the AWS IAM Authenticator where all of them were caused by the same code line.

CVE-2022–35412

Explore and run machine learning code with Kaggle Notebooks | Using data from CVE (Common Vulnerabilities and Exposures)

A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the…

Azure Site Recovery is a suite of tools aimed at providing disaster recovery services for cloud resources. It provides utilities for…

Cosign and Connaisseur allow us to secure the Kubernetes deployment with signature verification, ensures that our images do not change.

computers

Team Nautilus has recently discovered a vulnerability in Node.js that can lead to DLL hijacking on Windows via npm CLI if OpenSSL is installed on the host

During my early stages of employment at Gais Cyber Security in 2021, my manager had reached out to me over the phone and said with…

We’ve just released another open-source tool: pretender, a cross-platform tool to obtain a machine-in-the-middle position inside Windows networks in the spirit of Responder and mitm6. It implements local name resolution spoofing using the mDNS, …

We recently discovered a Prototype Pollution vulnerability in Blitz.js leading to Remote Code Execution. Learn about this bug class and how to avoid it in your code!

It's been more than six months since the Log4Shell vulnerability (CVE-2021-44228) was disclosed, and a number of post-mortems have come out talking about lessons learned and ways to prevent the next Log4Shell-type event from happening.

What happens when you run an executable on your Windows machine? This blog provides a brief overview and the flow for creating a Windows Process, the APIs and structures involved, and the Process Internals.