With the help of a specifically crafted YARA rule developed by NVISO analysts, we found multiple certificate files (.crt) that do not contain a certificate, but instead a malicious PowerShell scrip…

During a Red Team operation, multiple vulnerabilities were discovered in OCS Inventory (version 2.4.1). The following CVEs have been assigned to the vulnerabilities:


CVE-2018-12482 (Multiple SQL Injections in the search engine)

CVE-2018-12483 (Remote…

Have you ever opened Wireshark and thought, “this is nice, but sometimes filtering and following TCP streams is tedious?” If not, open…

Hello friends!

NTT Latest News Release

upash - 🔒Unified API for password hashing algorithms

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

DNS rebinding is a known attack against the same origin policy of modern browsers.  The attack works by abusing DNS where a request wit...

We developed a method to detect certificate files that do not contain a real certificate. Trojanized certificates like these are often not detected by AV and IDS. Fake certificates containing a Win…

The Emotet botnet reputation precedes it; historically aggressive and malicious, today it has evolved and incorporated a number of advancements to create a m...

This is a post about injecting carriage return and line feed characters into a internal API call. I wrote this up a year ago as a Gist on…

**TL;DR**: A hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007...

Unfortunately, generic IP cameras are notorious for their poor security practices. Most of the time, the manufacturer’s don’t force secure passwords, and mor...

Implementing a Trusted Third-Party System for Secure Shell

A post describing how to escape the MacOS sandbox from within Office