Industry largely underestimates the critical societal need to embody the highest levels of security in every network-connected device—every child’s toy, every household’s appliances, and every industry’s equipment. High development and maintenance costs have…

MycroftAI-RCE - "Zero Click" Remote Code Execution in Mycroft AI vocal assistant

Hi there!

m4ngl3m3 - Common password pattern generator using strings list

In this blog series, I will talk about my endpoint detection stack focused on Windows environments and mostly based on Sysmon.

On a typical red team assessment, a redirector is a crucial part of the infrastructure in use. A redirector is basically a box that sits out on the internet (usually in some type of cloud service provider’s network) and forwards traffic for the red team so…

What are the uses of cookie flags such as SameSite, Secure and HttpOnly. Man in the middle attack. Cookie stealing. Cross site request forgery.

A write up of several security vulnerabilities I discovered in Siaberry, including command-injection, clickjacking, and more.

CSS XSS came back for a bit which lead to an unusual uXSS

See how to go beyond standard U2F functionality of your YubiKey and authenticate via SSH from a Mac with a PGP key on a USB stick.

Firewall Weakness in Microsoft Azure’s Backplane Health Check I decided to do this write up because Microsoft doesn’t really give the full story on their website when describing why ports 65503-65534 need to be open to everything on the internet. Azure customers…

Author: Ambulong 1 phpMyAmin 4.7.x XSRF/CSRF Vulnerability (PMASA-2017-9)phpMyAdmin is a well-known MySQL/MariaDB online management tool, phpMyAdmin team released the version 4.7.7 that addresses the

What a Brute Force Attack is? How to defend yourself or even prevent it? Get all the information about Brute Force Attack, and be armed and ready for all the fraud schemes which may be implemented on your resource.

A Public Disclosure of Issues Around Third

As an attacker, initial access can prove to be quite the challenge against a hardened target. When selecting a payload for initial access…

A showcase of real-world phishing emails caught by our anti-phishing technology

XBruteForcer - X Brute Forcer Tool 🔓 WordPress , Joomla , DruPal , OpenCart , Magento

By employing machine learning algorithms, we were able to discover an enormous certificate signing abuse by BrowseFox, a potentially unwanted application (PUA) detected by Trend Micro as PUA_BROWSEFOX.SMC.

In February 2018 I wrote about CAA records. CA’s must check and respect these records when a customer orders a certificate. This is a good thing and it can be a good security measure to use t…

Homepage of Jochen Hoenicke