DNSSEC uses resource records like NSEC or NSEC3, which can be leveraged for subdomain enumeration. Different techniques for zone enumeration and countermeasures like White Lies and Black Lies are described in this blog post.

Vulnerability intelligence that predicts avenues of attack with speed and accuracy.

Configuration Manager often contain information that could be used by an attacker to find new attack paths or credentials that allow lateral movement.

An extensible developer-friendly application security platform that scans source code to surface true and actionable security issues with AI-assisted SAST, SCA, and Secrets Detection solutions.

Posted by Gallus - 13 votes and 0 comments

In our last blog, we detailed our approach to building a continuous application security pipeline with the objective of providing…

The Threat Analysis Group shares new information on the commercial spyware vendor Variston.

Share your videos with friends, family, and the world

We are working diligently to understand the scope of the incident and identify what specific information has been accessed.

How IBM Cloud caught us exploring its infrastructure and how a hardcoded secret eventually led to build artifact access and manipulation

Exciting news – we’ve released a new version of our CI/CD Goat CTF platform, a deliberately vulnerable CI/CD environment. We decided to release a new version with a shiny new challenge, after our previous 10 challenges were enthusiastically received and widely…

ONEKEY identifies a command injection bug in the M25 NAS from Asus. Read the latest Security Advisory here

This advisory contains information about the following vulnerabilities:
- OOB Accesses Using the Logging System

Last month, during Ekoparty, Blue Frost Security published a Windows challenge. Since having a Windows exploitation challenge, is one of a kind in CTFs, and since I’ve found the challenge interesting and very clever, I’ve decided to post about my reverse…