What are crawlers a.k.a spiders? Content of robots.txt. Allow and Disallow commands. How secure is robots.txt. Robot exclusion standard or simply robot.txt

The ongoing shift of emphasis in the cyber security industry from defensive, reactive actions towards pro-active detection and response has fueled veteran Finnish security company F-Secure’s …

Preface
I’ve seen some fantastic research done by Linus Särud and by Bo0oM on how Safari’s handling of special characters could be abused.

Note: This post does not explain the EternalRomance exploit chain, just a quirky bug in the Equation Group's client. For comprehensive expl...

For the past several months, VDOO’s security research teams have been undertaking broad-scale security research of leading IoT products, from the fields of safety and security. In most cases, the r…

In this part, we'll continue the analysis of APT33's Dropshot using Cutter, a GUI for radare2. We'll learn how to decrypt Dropshot's payload and write a noscript to do it quickly.

I've spoken a couple of time recently about CT and it really is an awesome thing to have. We can now add one more wicked feature to our arsenal thanks to CT and Facebook, and that's the ability to easily detect phishing sites. Certificate Transparency I've…

tld_scanner - Scan all possible TLD's for a given domain name

Sometimes managers must deal with penetration test results that are not what they wanted to see. Raxis CTO, Brian Tant, talks about next steps.

At Rhino Security Labs, we do a lot of penetration testing for AWS architecture, and related AWS security research.  This will cover findings in Privilege Escalation methods

Hacker news | China supposedly exfiltrated classified data pertaining to the US Navy projects after a successful cyber-attack on an unnamed Navy contractor caused the loss of 614 gigabytes of cryptographic information, sensor data

This research on "Deserialization vulnerabilities in various languages" uses examples of vulnerable implementations of the deserialization processes. In this post, we show the results of the research and the new approach of attacking deserialization in JS.

In software security, root cause analysis (RCA) is the process used to “remove the mystery” from irregular software execution and measure the security impact...

We at Forcepoint have recently touched on the topic of WebAssembly (also known as WA or Wasm). Part of this effort was discussed briefly in an earlier blog post on in-browser coin mining. Today we are going to talk more about the basics of Wasm, and discuss…

By developing custom C#-based assemblies, attackers no longer need to rely on the tools present on the target system; they can instead write and deliver their own tools using a technique we call Bring Your Own Land (BYOL).