tld_scanner - Scan all possible TLD's for a given domain name

Sometimes managers must deal with penetration test results that are not what they wanted to see. Raxis CTO, Brian Tant, talks about next steps.

At Rhino Security Labs, we do a lot of penetration testing for AWS architecture, and related AWS security research.  This will cover findings in Privilege Escalation methods

Hacker news | China supposedly exfiltrated classified data pertaining to the US Navy projects after a successful cyber-attack on an unnamed Navy contractor caused the loss of 614 gigabytes of cryptographic information, sensor data

This research on "Deserialization vulnerabilities in various languages" uses examples of vulnerable implementations of the deserialization processes. In this post, we show the results of the research and the new approach of attacking deserialization in JS.

In software security, root cause analysis (RCA) is the process used to “remove the mystery” from irregular software execution and measure the security impact...

We at Forcepoint have recently touched on the topic of WebAssembly (also known as WA or Wasm). Part of this effort was discussed briefly in an earlier blog post on in-browser coin mining. Today we are going to talk more about the basics of Wasm, and discuss…

By developing custom C#-based assemblies, attackers no longer need to rely on the tools present on the target system; they can instead write and deliver their own tools using a technique we call Bring Your Own Land (BYOL).

sslmerge - Is an open source tool to help you build a valid SSL certificate chain from the root certificate to the end-user certificate. Also can help you fix the incomplete certificate chain and d...

7 votes and 0 so far on reddit

TL;DR Following the wrong link could allow remote attackers to control your WiFi router, Google Home, Roku, Sonos speakers, home…

It's been nearly two months since the high profile BGP hijack attack against MyEtherwallet, where crypto thieves used BGP leaks to hijack MEW's name servers, which were on Amazon's Route53, and inserted their own fake name servers which directed victims to…

ZeroFont attacks involve inserting hidden words with a font size of zero that are invisible to the recipient into a phishing email in order to fool Microsoft's impersonation scanning.

Affected Software: IPConfigure Orchid Core VMS (All versions < 2.0.6, tested on Linux and Windows) Vulnerability: Unauthenticated Privileged Directory Traversal CVE: CVE-2018-10956 Impact: Arbit…

Taking a look how afl-fuzz behaves on different file systems.

Learn how CrowdStrike Services used the Office 365 Activities API to investigate Business Email Compromises (BECs) involving cyber fraud and theft.

While doing background research on OpenVPN I stumbled upon an interesting question on Stack Exchange.