Use this Password Security Compliance Checklist as a tool to strengthen your existing password policy and ensure compliance.

Learn ROP

We found a stack buffer overflow vulnerability which can cause crash in the DNS-proxy feature of ConnMan. In some cases, this vulnerability can cause arbitrary code execution as exec user privilege of ConnMan. We have confirmed the reproducibility of this…

Critical pacemaker vulnerability allows hackers to hack into Abbott's pacemakers using RF waves and fully take control over the running device.

Somewhat incredibly I am the first tech writer on the planet to break this story, but even more incredibly the FCC lets you upload any file…

 Introduction When evidence of the problems described in this report were first noticed, it almost seemed hard to believe. However, for those familiar with the technical history of Arris and their careless lingering of hardcoded accounts on their products…

Exploiting CVE-2016-10277 for untethered jailbreak on Moto devices (and more!)

A major threat  on the web, since it would have already hacked nearly 711 million of email addresses and probably infected at least a hund...

Instagram has revealed that it has suffered from serious data breach and the hacker has gained access to the contact information of the verified users

The OBi200 by Obihai is a VoIP gateway for home/SOHO that integrates with Google Voice. It supports most standard VoIP features out of the box and can integrate with virtually any “bring your own device” SIP service. I purchased one earlier this year to act…

Now, finally sharing something new again, I present CertReq exfiltration! The Spark It all started one Thursday that I was on the bench with an innocuous looking tweet from subTee. He mentioned that it seemed like certreq.exe could arbitrarily POST … Continue…

As headlines about breaches increase, it becomes clear that the current IR capabilities of SIEM providers are not meeting the needs of today’s security teams

WINspect is part of a larger project for auditing different areas of Windows environments. It focuses on enumerating different parts of a...

Somewhat incredibly I am the first tech writer on the planet to break this story, but even more incredibly the FCC lets you upload any file…

Vault 7 is a series of documents and tools released by WikiLeaks, that gives information about detailed activities and capabilities of the US CIA to perform spying and cyber warfare. Today, 31 August 2017, Wikileaks

A processor is not a trusted black box for running code; on the contrary, modern x86 chips are packed full of secret instructions and hardware bugs. In this talk, we'll demonstrate how page fault analysis and some creative processor fuzzing can be used to…