About ATT&CK™

When we started out with our online training courses over 12 years ago, we made hard choices about the nature of our courses and certifications. We went against the grain, against the common certification standards, and came up with a unique certification…

By Mark Brand and Ivan Fratric, Google Project Zero In this blog post, we are going to write about a seldom seen vulnerability class tha...

496 votes and 39 comments so far on Reddit

Here is an article by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4

Ever since Google told the world that none of its 85,000 employees had been succe

Usually, whenever we are auditing a web application with a poorly programmed backend, we might  find SQL Injection vulnerabilities. We will mainly encounter Blind, Error-based or -if we get lucky- Union-based injections. However, it is not quite usual to…

A variation of a class of malicious PDFs appeared in the wild. In this blog post, we will show you how to protect your systems and how to analyze these PDFs. The PDFs embed a file type with extensi…

Until the death of passwords happens, it would be helpful if popular online services would steer users towards choosing better passwords.

We discovered an exploit kit we named Underminer that uses capabilities to deter researchers from tracking its activity or reverse engineering the payloads

Hi Folks, Today I'll be writing about some interesting SQL injection vulnerabilities I recently found. This is a private program so ...

Practical tcpdump examples that gives you maximum packet carving in the minimum amount of time. Includes numerous examples and explanations ranging from basic to advanced—including how to isolate hosts, networks, and specific protocols.

2 points and 1 comments so far on reddit

A high performance offensive security tool for reconnaissance and vulnerability scanning - evyatarmeged/Raccoon

The Trustwave SpiderLabs team has found additional information that we believe may be associated with the recent SingHealth breach. You can read a summary of the breach in a previous post, but as a quick summary, Singaporean authorities announced on...

BYOB (Build Your Own Botnet). Contribute to malwaredllc/byob development by creating an account on GitHub.