World Password Day is something that cannot be ignored in today’s modern world, especially where our data is just one password away from hackers. This article will guide you why World Password Day 2018 is vital for you, how should you celebrate it, and how…

Hi Guys,

Last November, the SEC Consult Cryptography Competence Center came across a rather interesting cryptographic format used by the Oracle Access Manager (OAM). In this blog post we will demonstrate how minor peculiarities of the cryptographic implementation…

A common problem about centralized messaging solutions is the sharing of sensitive information during day by day use, preserving, at the...

News has just started spreading that researchers have sighted another eight Spectre like vulnerabilities in Intel processors, all resemble Spectre, four of them are critical. The new vulnerabilities ...

Today’s security equipment is IP-enabled and connected to larger networks, which enables greater flexibility, but also makes the security system the weakest link in the organization IT-security chain.

JavaScript based GLitch pwns browsers by flipping bits inside memory chips.

‘Beautifully simple’ flaw allows attackers to impersonate trusted sites.

Cryptomining is the new word seen more and more in reports and stories of upcoming risks to companies. What is it? Why do I care? This episode goes into what cryptomining is, how it works and why your business needs to be concerned and protect against it. …

Security of microservices and APIs: the Achilles' heel of modern web applications.

What is GLitch? GLitch is one part of our series of Rowhammer attacks. We started by breaking the EDGE browser and the cloud. Then we moved towards Android devices showing how to root them with bit flips. This time we wanted to show that also mobile phones…

Astra - Automated Security Testing For REST API's

We are all increasingly dependent on third parties for our security, and most folk are doing a shockingly bad job of managing related risks.

Link to the Bloomberg article
Target and their air conditioning supplier, OPM and just about all their ke

Details of a JasperReports vulnerability (CVE-2018-5430) which allows an attacker to access or include files from the filesystem hosting the application.

Home of Nikhil SamratAshok Mittal. Posts about Red Teaming, Offensive PowerShell, Active Directory and Pen Testing.

Spectre and Meltdown may not be getting as many headlines as they were a few months ago, but that could soon all change following the discovery of eight Spectre-style security issues in Intel’s CPUs.

asylo - Asylo Framework

Security of microservices and APIs: the Achilles' heel of modern web applications.

New flaws and even more patches - "Spectre Next Generation" is just around the corner. According to information exclusively available to c't, researchers have already found eight new security holes in Intel processors.