As an attacker, initial access can prove to be quite the challenge against a hardened target. When selecting a payload for initial access…

A showcase of real-world phishing emails caught by our anti-phishing technology

XBruteForcer - X Brute Forcer Tool 🔓 WordPress , Joomla , DruPal , OpenCart , Magento

By employing machine learning algorithms, we were able to discover an enormous certificate signing abuse by BrowseFox, a potentially unwanted application (PUA) detected by Trend Micro as PUA_BROWSEFOX.SMC.

In February 2018 I wrote about CAA records. CA’s must check and respect these records when a customer orders a certificate. This is a good thing and it can be a good security measure to use t…

Homepage of Jochen Hoenicke

For a start, it is worth to remember what is vulnerability, and why one shouldn’t trust data received from outside.

In this blog post René Freingruber (@ReneFreingruber) from the SEC Consult Vulnerability Lab shares different filesystem tricks which were collected over the last years from various blog posts or found by himself. These tricks don't lead to a directly exploitable…

TL;DR – How to open a Tapplock over BLE in under two seconds: Totally Pwning the Tapplock Smart Lock A couple of weekends ago, a YouTuber called JerryRigEverything posted a teardown of a "smart" padlock, called the Tapplock. He discovered that, using a sticky…

We are looking for cybersecurity professionals to test the navigation of an Endpoint Protection Platform's Website, with a method called card sorting.
The test could be easily completed in appr. 15-25 minutes remotely, online, whenever, and wherever with…

PowerShell-Suite - My musings with PowerShell

Coalfire Labs blog posts with opinions, findings and research from the technical testing of IT perspective.

0 points and 0 comments so far on reddit

This guide attempts to outline extension security anti-patterns, as well as provide a usable service (tarnish) to aide developers and security researchers in

A couple of weeks back, I got the opportunity of pentesting an IoT device. To give a brief background, it was a Pi running Apache which served static content. Recently, there has been a lot of focus on IoT security, especially after the havoc created by malware…

1 votes and 1 so far on reddit

June’s “Patch Tuesday” (June 12) is here, but it is likely many Windows 10 users have not yet applied these updates. If you have not, just be sure not to leave your laptop lying around!