So there I was preparing a presentation with some pretty pictures and then I thought…after I give this presentation: How will the audience play with the data and see for themselves how these …

A comprehensive analysis of Subdomain Takeovers (SDTO), DNS Hijacking, Dangling DNS, CNAME misconfigurations…

Leaders in Information Security

Today we are releasing several new challenges for the embedded security CTF, Microcorruption. These challenges highlight types of vulnerabilities that NCC Group’s Hardware and Embedded Systems practice have discovered in real products. The new challenges…

Earlier this year, I discovered a flaw in XNU, which is the kernel that Apple uses on both macOS and iOS. While it's not a particularly complicated flaw, I wanted to explain how I discovered it and how it works, both so that I can motivate others and so that…

Fugu15 is a semi-untethered permasigned jailbreak for iOS 15 - GitHub - pinauten/Fugu15: Fugu15 is a semi-untethered permasigned jailbreak for iOS 15

Application security issues found by Assetnote

Operational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3 - NCSC-NL/OpenSSL-2022

Today we published an
advisory about CVE-2022-3786
(“X.509 Email Address Variable Length Buffer Overflow”) and
CVE-2022-3602 (“X.509 Email Address 4- …

Learn how the OpenSSL punycode vulnerability (CVE-2022-3602) works, how to detect it, and how it can be exploited.

Last week, our automated risk detection platform alerted us to suspicious activity in dozens of newly published PyPI packages. Here's what we uncovered.

Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attac...

Symbolic Execution can get a bad rap. Generic symbex tools have a hard time proving their worth when confronted with a sufficiently complex target. However, I have found symbolic execution can be very helpful in certain targeted situations. One of those situations…

We explore the security service urlscan.io and showcase through various "dorks" that their searchable scan database is a treasure trove of URLs pointing to sensitive user information, allowing account takeover, and much more. Part of the data has been leaked…

About Steampipe

Steampipe organizes your cloud metadata into tables and fields that are easily discoverable and readable.

It is the universal interface to APIs. You can SQL to query cloud infrastructure, SaaS, code, logs, and more.
Painlessly joi...

We discovered multiple vulnerabilities in Checkmk, which can be chained together by an unauthenticated, remote attacker to fully take over a vulnerable server.