When Simon blogged about the risks of JavaScript a few weeks back, he
mentioned that we've begun to see JIT vulnerabilities in submissions to the
ZDI program and as part of Pwn2Own. Today, I'll expand on his blog post by
covering a vulnerability in…

By @dronesec and @breenmachine   This a project my friend drone and I have been poking at for quite some time and are glad to finally be releasing. As the noscript implies, we&#…

Public talks by Royce Williams, with references and errata.

0 points and 0 comments so far on reddit

Demonstrating the OWASP Top 10 : Cross-Site Scripting #3 Bad JavaScript Imports and with example of the code. To learn about XSS

A computer security company has reveled the presence of malware on Facebook Messenger application. A virus spreads for several days on Face...

Last month, a number of users started posting on South Korean sites screenshots of suspicious SMS messages phishing texts (also known as smishing) to lure

A client sent me a question recently asking whether two factor authentication or password resets using cell phones are safe? My initial reaction was yes.

Our team of Positive Technologies researchers has delved deep into the internal architecture of Intel Management Engine (ME) 11, reveali...

2 points and 0 comments so far on reddit

Learn how to read and summarize encrypted data with InnoVault in this tutorial covering both the InnoVault SDK and the e3db SDK for Ruby.

HTTPS is the future and the future is (finally) here. Secure HTTP requests that provide end-to-end encryption between the client making the request and the server providing it with the requested co…

The way companies manage application secrets is critical. Even today, improper secrets management has resulted in an astonishing number of high profile breaches.

Google has just removed nearly 300 applications from the Store. The Mountain View company realized that these applications could secretly ...

Ever fantasized about playing with docker misconfigurations, privilege escalation, etc. within a container? Download this VM, pull out your pentest hats and get started 🙂 We have 2 Modes: HARD: This would require you to combine your docker skills as well…