Here is an article by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4

Ever since Google told the world that none of its 85,000 employees had been succe

Usually, whenever we are auditing a web application with a poorly programmed backend, we might  find SQL Injection vulnerabilities. We will mainly encounter Blind, Error-based or -if we get lucky- Union-based injections. However, it is not quite usual to…

A variation of a class of malicious PDFs appeared in the wild. In this blog post, we will show you how to protect your systems and how to analyze these PDFs. The PDFs embed a file type with extensi…

Until the death of passwords happens, it would be helpful if popular online services would steer users towards choosing better passwords.

We discovered an exploit kit we named Underminer that uses capabilities to deter researchers from tracking its activity or reverse engineering the payloads

Hi Folks, Today I'll be writing about some interesting SQL injection vulnerabilities I recently found. This is a private program so ...

Practical tcpdump examples that gives you maximum packet carving in the minimum amount of time. Includes numerous examples and explanations ranging from basic to advanced—including how to isolate hosts, networks, and specific protocols.

2 points and 1 comments so far on reddit

A high performance offensive security tool for reconnaissance and vulnerability scanning - evyatarmeged/Raccoon

The Trustwave SpiderLabs team has found additional information that we believe may be associated with the recent SingHealth breach. You can read a summary of the breach in a previous post, but as a quick summary, Singaporean authorities announced on...

BYOB (Build Your Own Botnet). Contribute to malwaredllc/byob development by creating an account on GitHub.

Article about how to build backdoors for the Zend Engine.

Someone told me the other day that “no-one does SQL Injection by hand any more”. I want to tell you about a SQL Injection bug that I found…

During a recent webapplication testing I decided to perform some fuzzing of certain paths within the URI of a CMS and happened to find a potential SSTI (server side template injection) within one of t

Source code for Pegasus, a banking Trojan, was recently published online. Although the Carbanak cybercrime gang was referenced in the arch...

We have a new Security Header!! Feature Policy will allow a site to enable or disable certain browser features and APIs in the interest of better security and privacy. Let's take a look! Feature Policy Feature Policy is being created to allow site owners…

NEWS RELEASE FOR IMMEDIATE RELEASEJuly 26, 2018   NCSC Releases 2018 Foreign Economic Espionage in Cyberspace Report The National Counterintellig...