Windows users have encountered a significant outage, part of a global outage. On July 19, 2024, Crowdstrike users experienced outage

I recently created an Electron JS-based Windows and MacOS application. The newer version of Electron has Integrity detection which…

This blogpost explores the choice of security protocols and their consequences RDP Security by navigating Transport Layer Security (TLS) and Network Level Authentication (NLA) of Remote Desktop Protocol (RDP). Attack Trends and Geographic Dynamics are explored…

Discover Trusted Platform Modules (TPMs) for boosted security in computing. Understand their history, functions, architecture and use-cases.

Investing in a NetFlow Analyzer boosts operational excellence and ROI. This guide will help you find the right fit.

A repository describing how we can cut some Dreo fans from the cloud, allowing them to run completely locally via HA. - ouaibe/dreo-cloudcutter

WebAssembly is revolutionizing the approach to developing modern applications. Although this technology was born to create portable and performant modules in web browsers, currently, its...

In this blog post, we'll explain how we discovered three critical vulnerabilities in Kafka UI and how they can be exploited.

How Doppelganger, one of the biggest Russian disinformation campaigns, is using EU companies to keep spreading its propaganda – despite sanctions.

Explore our recent investigation that reveals how web browser notification service workers are being exploited by malicious actors to deliver ads and harmful code without detection. This blog discusses the techniques used, including undetectable user interaction…

I'm pleased to announce our first release, the Incident Response Program Pack. The goal of this release is to provide you with everything you need to establish a functioning security incident response program at your company. In this pack, we cover Definitions:…

ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos.

Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination IP addresses are parsed based on the server name in TLS Cli...

CVE-2019-8805 is a privilege escalation vulnerability found in macOS Catalina 10.15 by Scott Knight. This vulnerability occurs through the Endpoint Security framework introduced in Catalina 10.15....

Our latest research into VPC Endpoint Policy causes AWS to introduce significant changes!

Introduction I have participated in, and built bug bounty programs at companies such as PayPal and Box and supported similar programs at several other companies. Below is part of a whiteboard session from 2012, conducted before launching PayPal's bug bounty…

Today we are announcing our intent to end Online Certificate Status Protocol (OCSP) support in favor of Certificate Revocation Lists (CRLs) as soon as possible. OCSP and CRLs are both mechanisms by which CAs can communicate certificate revocation information…

Gouge is a simple Burp extension to extract or gouge all URLs which are seen in JS files as you visit different websites/webpages in Burp Suite - mqst/gouge

It took us 10 days to go from “We think this might be vulnerable” to full-blown remote code execution, including the 7 days we were both on holiday.