A high-severity vulnerability affecting Cisco ASA and Firepower security appliances is being exploited in the wild after an exploit has been releasedA DoS vulnerability affecting Cisco ASA and Firepower security appliances is being exploited in the wild after…

Author: @Ambulong WordPress is the most popular CMS on the web. According to w3tech, it is used by approximately 30% of all websites. This wide adoption makes it an interesting target for cyber crimin

3 votes and 3 so far on reddit

We present new research that details crucial security weaknesses in Linux software that has been statically linked. We also provide a solution to temporarily resolve these security issues. Finally, we conclude by demonstrating how to have both RELRO [1] and…

During penetration testing exercises, the ability to make a victim connect to an attacker’s controlled host provides an interesting approach for compromising systems.

The proliferation of credit card skimming is evidence enough that many fraudsters’ target of choice is the payment terminal.

Ticketmaster has created this website for customers whose personal information may have been compromised in the Inbenta incident. Ensuring the safety and security of the personal data of customers is very important to Ticketmaster. As soon as it was determined…

Ticketmaster has created this website for customers whose personal information may have been compromised in the Inbenta incident. Ensuring the safety and security of the personal data of customers is very important to Ticketmaster. As soon as it was determined…

The TL;DR up front, because I hate buried leads. Microsoft created an undocumented API that gave incident handlers, forensic teams, and blue teams a tool that they have long wished for and that Microsoft denied having. This API was known to five major forensics…

I wrote a Python noscript (JSgen.py) to generate javanoscript code to be injected in case you find a Server Side Javanoscript Injection (SSJI). It supports both bind and reverse shells, and also two well…

Spoof SSDP replies to phish for NTLM hashes on a network. Creates a fake UPNP device, tricking users into visiting a malicious phishing page.

What is a Certificate Authority?Digital signature.What if the attacker tampered the certificate?Root CA.Chain of Trust.Browser verify the server certificate

Learn how CrowdStrike Services used the Office 365 Activities API to investigate Business Email Compromises (BECs) involving cyber fraud and theft.

Ever took a personality test on Facebook? For years, anyone could have accessed your private information, friends, posts and photos.

A CIA operation to sabotage Soviet industry by duping Moscow into stealing booby-trapped software was spectacularly successful when it triggered a huge explosion in a Siberian gas pipeline.

In part two of the series we are going to explore and leverage Frida's new Arm64Writer API to build an in-memory reverse TCP shell.

We recently published a blog post on security issues and fundamental concepts of WebAssembly (Wasm). As a follow-up, this post will give an introduction to reverse engineering of Wasm applications. Think about a scenario where you come across an unknown Wasm…