For a start, it is worth to remember what is vulnerability, and why one shouldn’t trust data received from outside.

In this blog post René Freingruber (@ReneFreingruber) from the SEC Consult Vulnerability Lab shares different filesystem tricks which were collected over the last years from various blog posts or found by himself. These tricks don't lead to a directly exploitable…

TL;DR – How to open a Tapplock over BLE in under two seconds: Totally Pwning the Tapplock Smart Lock A couple of weekends ago, a YouTuber called JerryRigEverything posted a teardown of a "smart" padlock, called the Tapplock. He discovered that, using a sticky…

We are looking for cybersecurity professionals to test the navigation of an Endpoint Protection Platform's Website, with a method called card sorting.
The test could be easily completed in appr. 15-25 minutes remotely, online, whenever, and wherever with…

PowerShell-Suite - My musings with PowerShell

Coalfire Labs blog posts with opinions, findings and research from the technical testing of IT perspective.

0 points and 0 comments so far on reddit

This guide attempts to outline extension security anti-patterns, as well as provide a usable service (tarnish) to aide developers and security researchers in

A couple of weeks back, I got the opportunity of pentesting an IoT device. To give a brief background, it was a Pi running Apache which served static content. Recently, there has been a lot of focus on IoT security, especially after the havoc created by malware…

1 votes and 1 so far on reddit

June’s “Patch Tuesday” (June 12) is here, but it is likely many Windows 10 users have not yet applied these updates. If you have not, just be sure not to leave your laptop lying around!

1 points and 0 comments so far on reddit

Bishop Fox's Jake Miller explains server-side spreadsheet injection, an attack vector based on CSV injection, in this technical write-up based off his Empire Hacking Meetup presentation.

Today, we are proud to announce a new website we're calling the Internet Intelligence Map. This free site will help to democratize ...

pollyjs - Record, Replay, and Stub HTTP Interactions.

0x01 – Preamble
In Windows operating systems, it is well known that assigning certain privileges to user accounts without administration permissions can result in local privilege escalation attacks. Although Microsoft's documentation is quite clear about…

This post will show you the steps necessary to embed an Empire payload within a trusted PKG installer, using Apple’s own Developer Tools…