PineSec is a"CitySec" Information Security Meetup in Manchester, New Hampshire
Our topic for June is the Internet of Insecure Things.   Bring your favorite IoT gadget to be torn apart (literally or figuratively) for our amusement.
PineSec is an informal monthly…

Some time ago I detailed PHP Object Injection vulnerabilities and this post will get into details of Java deserialization vulnerabilities. The concept is simple: developers use a feature of the pro…

IoT attacks can be classified into three levels: Level 0 (attacking device with no authentication), Level 1 (guessing a weak/default…

According to reporting of trusted third parties, HIDDEN COBRA actors have likely been using both Joanap and Brambul malware since at least 2009 to target multiple victims globally and in the United States—including the media, aerospace, financial, and critical…

This blog post explains the story behind a bug which had existed in the Steam client for at least the last ten years, and until last July would have resulted in remote code execution (RCE) in all 15 million active clients. 

Proof of Stake protocols are in the spotlight as more and more high-profile blockchains attempt to switch over from Proof of Work…

Recently, the ASERT team at Arbor Networks, published a report on an old version of the Absolute Software product, Absolute LoJack for laptops, being illicitly modified by suspected APT28 actors. The LoJack implant, previously known

I was reading an article from Brian Krebs about the Real Jokers Stash and the crazy stuff that goes into the darkweb / cybercrime forums…

A hacker took control of Ticketfly's website and claims to have stolen the company's customer database.

Occasionally, one or several phases requiring physical access to a machine are included during Red Team exercises. This requires redesigning how to confront this type of particular scenarios. In this post, it is explained the physical intrusion process followed…

Schedule, talks and talk submissions for BSidesLisbon2018

hunting-ct-bigquery - Hunting Certificate Transparency log with BigQuery

In this blog, we will quickly go through what is the Certificate Transparency log and how we used BigQuery to search for bad domains trying to spoof a business’s domain (and how you can do it as well). Certificate Transparency … Read More

1. Advisory InformationTitle: Quest DR Series Disk Backup Multiple VulnerabilitiesAdvisory ID: CORE-2018-0002Advisory URL: http://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilitiesDate published: 2018-05-31Date of last update:…

1. Advisory InformationTitle: Quest KACE System Management Appliance Multiple VulnerabilitiesAdvisory ID: CORE-2018-0004Advisory URL: http://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilitiesDate published: 2018…

1. Advisory InformationTitle: Quest DR Series Disk Backup Multiple VulnerabilitiesAdvisory ID: CORE-2018-0002Advisory URL: http://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilitiesDate published: 2018-05-31Date of last update:…

Coalfire Labs blog posts with opinions, findings and research from the technical testing of IT perspective.