Have you ever been on a internal network assessment and discovered an unauthenticated writable Windows-based file share? Well, in addition to finding potentially sensitive information, you can abus…

Global Security Advisory Services Size, Share, Outlook & Global Security Advisory Services Analysis By Service Type (Penetration Testing, Vulnerability Management, Risk Management Competition Forecast & Opportunities

Linux Lord fires up over proposal to secure Linux by shutting down wonky processes

South Korea Winter Olympics offer an opportunity for cybercriminals to achieve notoriety and profit. There are lessons to be learned from the past.

CVE-2017-16544: A Busybox autocompletion vulnerability from Twistlock. Dev-to-Production Docker and container security for enterprises.

BASELINE – SANS & Offensive-Security File size: 85 GB

BASELINE – SANS & Offensive-Security File size: 85 GB

The Internet of Things lack of security focus strikes again! This times it is a flaw in Bluetooth dubbed BlueBorne than impacts billions of mobiles devices and now your home devices too. This episode goes into the flaw, how it can be exploited and what you…

With Chrome backing away from HTTP Public Key Pinning and other industry thought-leaders calling for its death, I figured I'd take some time to review some

Table of Contents1 Introduction2 Self Imposed Restrictions3 Methods used:4 Criteria for PE file selection for implanting backdoor4.1 ASLR: 4.2 Static Analysis5 Backdooring PE file6 Adding a new Section header method6.1 Hijack Execution Flow6.2 Adding Shellcode6.3…

Table of Contents1 Introduction2 Self Imposed Restrictions3 Methods used:4 Criteria for PE file selection for implanting backdoor4.1 ASLR: 4.2 Static Analysis5 Backdooring PE file6 Adding a new Section header method6.1 Hijack Execution Flow6.2 Adding Shellcode6.3…

BYOD, or bring-your-own-device, had been a buzzword in the enterprise and small business community since the mid 2000s. When smartphones and tablets came into fashion, not all businesses were ready to spend for their employees’ device needs.

LOUISVILLE, Ky. -- Federal authorities pointed Friday to multiple arrests and convictions in Kentucky as just the start of a crackdown on credit card skimmers who target gas pumps to steal personal information.

Android smartphones running Lolipop, Marshmallow, and Nougat, are vulnerable to an attack that exploits the MediaProjection service to capture the user's screen and record system audio

Reference on modifying and repackaging, as well as compiling Burp Suite extensions from source.

Security Awareness Blog blog pertaining to lspitzner

Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up…

Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up…

TP-Link uses the same firmware in most of Europe, but fails to keep their regional websites up to date with the latest versions.

Security researchers have discovered a new variant of Terdot banking Trojan that steals social media and email accounts as well, along with bank account details.

By @breenmachine   Sometimes the marketing department goes a little too far. Most of us who work in security have been there, non-technical people enthusiastic about selling the technical feat…