Introducing a novel technique for e-mail spoofing

This report is a little different than our typical content. We were able to analyze data from a perspective we typically don’t get to see… a threat actor’s host! In early November…

Security reports: efficient and straightforward. The simplest way to detect and fix vulnerabilities

Log4Shell was proclaimed one of the most critical vulnerabilities, but in this blog, VulnCheck challenges that perspective, revealing the limited number of vulnerable systems still present two years after the initial disclosure.

The story of CVE-2023-6483, my first CVE and biggest security disclosure yet.

We found a serious error in Microsoft’s Attack Simulator program. Without a fix, it would have turned into a real phishing attack platform circumventing all protection mechanisms.

Algosec helps to securely accelerate application delivery by automating application connectivity and security policy across the hybrid network estate.

### Impact
Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use th...

In part 1 of this two-part series, Akamai researchers explore two new Windows vulnerabilities that could lead to remote code execution against Outlook clients.

Drill into WARC web archives. Contribute to crissyfield/troll-a development by creating an account on GitHub.

In part 2 of this two-part series, Akamai researchers detail methods and attack imitations within DHCP to spoof DNS — and introduce a new tool for your toolkit.

As seen in most security blog posts today, binary diffing tools are essential for reverse engineering, vulnerability research, and malware analysis. Patch diffing is a technique widely used to identify changes across versions of binaries as related to security…

Summary

Summary

Umpteenth time that you will see a lateral movement based on DCOM. This time it's Visual Studio.