@TroyHunt #DataSecurity #authentication #databreaches

This week we discuss the long-awaited end of StartCom & StartSSL, inside last week's macOS passwordless root account access and problems with Apple's patches, the question of A…

In this blog post i will cover QNX's Qnet native networking protocol and an Elevation of Privilege vulnerability (CVE-2017-3891) i discovered in it.

Yesterday I gave a talk at Black Hat about my recent research with Disco.
I've introduced both the Strobe protocol framework and the Noise protocol framework in the past. So I won't go over them again, but I advise you to read these two blog posts before…

A new bill could send company executives to jail if they fail to disclose a cybersecurity event to the public within a reasonable amount of time, or intentionally attempt to conceal it.

"Based on the leaked database they appear to collect everything from contacts to keystrokes," researchers said.

A behind-the-scenes look at the hacks in “eps3.8_stage3.torrent”, featuring memory forensics, rootkits, fuzzing, covert C2, and more!

Microsoft Issues Emergency Patch For 'Critical' RCE Bug (CVE-2017-11937) in Windows Malware Protection Engine

6 points and 4 comments so far on reddit

… and it was still in use for more than 100 days after the initial report

3 points and 0 comments so far on reddit

In June 2017, JPCERT/CC released a report “Detecting Lateral Movement through Tracking Event Logs” on tools and commands that are likely used by attackers in lateral movement, and traces that are left on Windows OS as a result of such...

This week's TTT episode talks about the cloud file, note and thought organizer Evernote. Over the years Evernote has solidified themselves as a robust, feature full online cloud and productivity tool. Use it to store receipts, manuals, web articles, thoughts…

A serious vulnerability (CVE-2017-13156) in Android allows attackers to modify the code in applications without affecting their signatures. The root of the problem is that a file can be a valid APK file and a valid DEX file at the same time. We have named…

Full disclosure I am not a penetration tester and I failed my OSCP exam twice before eventually passing on the third attempt. I owned more than 90% of boxes in the labs (including the big three) but when it came to the exam I just kept bombing out. I am…

As more websites obtain SSL certificates, the number of potential HTTPS websites available for compromise increases.

reddit: the front page of the internet

    Meterpreter is a well-known Metasploit [1] remote agent for pentester's needs. This multi-staged payload is a good, flexible and easy-...