ICEBRG reduces network security risk by accelerating threat detection, triage, and response to rapidly-evolving breaches across global networks.

A bash noscript to automatize the analysis of APKs: unzip, decompile, analyze and extract information.

As part of our ongoing security research efforts, we recently reviewed various Supermicro systems and discovered serious firmware vulnerabilities.

The “Steam Inventory Helper” Chrome extension version 1.13.6 suffered from both a DOM-based Cross-site Scripting (XSS) and a clickjacking vulnerability. By

Industry largely underestimates the critical societal need to embody the highest levels of security in every network-connected device—every child’s toy, every household’s appliances, and every industry’s equipment. High development and maintenance costs have…

MycroftAI-RCE - "Zero Click" Remote Code Execution in Mycroft AI vocal assistant

Hi there!

m4ngl3m3 - Common password pattern generator using strings list

In this blog series, I will talk about my endpoint detection stack focused on Windows environments and mostly based on Sysmon.

On a typical red team assessment, a redirector is a crucial part of the infrastructure in use. A redirector is basically a box that sits out on the internet (usually in some type of cloud service provider’s network) and forwards traffic for the red team so…

What are the uses of cookie flags such as SameSite, Secure and HttpOnly. Man in the middle attack. Cookie stealing. Cross site request forgery.

A write up of several security vulnerabilities I discovered in Siaberry, including command-injection, clickjacking, and more.

CSS XSS came back for a bit which lead to an unusual uXSS

See how to go beyond standard U2F functionality of your YubiKey and authenticate via SSH from a Mac with a PGP key on a USB stick.

Firewall Weakness in Microsoft Azure’s Backplane Health Check I decided to do this write up because Microsoft doesn’t really give the full story on their website when describing why ports 65503-65534 need to be open to everything on the internet. Azure customers…

Author: Ambulong 1 phpMyAmin 4.7.x XSRF/CSRF Vulnerability (PMASA-2017-9)phpMyAdmin is a well-known MySQL/MariaDB online management tool, phpMyAdmin team released the version 4.7.7 that addresses the

What a Brute Force Attack is? How to defend yourself or even prevent it? Get all the information about Brute Force Attack, and be armed and ready for all the fraud schemes which may be implemented on your resource.

A Public Disclosure of Issues Around Third

As an attacker, initial access can prove to be quite the challenge against a hardened target. When selecting a payload for initial access…

A showcase of real-world phishing emails caught by our anti-phishing technology