With ever-tightening budgets it can be difficult to convince your managers to invest in security tools.

ModSecurity-envoy - ModSecurity V3 Envoy Filter

ISE Labs Earns 24 CVEs for New Vulnerabilities in TOS, TerraMaster’s NAS OS

Burp is getting a brand new REST API, which can be used by other tools to integrate with Burp Suite: In the initial release, the REST API supports launching vulnerability scans and obtaining the resul

Security in Android P is significantly different than in previous versions, as Google has added many new defensive measures.

Reversing a Japanese Wireless SD Card From Zero to Code Execution Guillaume VALADON - @guedou Before the talk Chromebook console zoom: 175%/200% ./setup.sh zoom the presenter notes

Intro An OpenSSH user enumeration vulnerability (CVE-2018-15473) became public via a GitHub commit. This vulnerability does not produce a list of valid usernames, but it does allow guessing of user…

Domain name abandonment is a major cyber threat to your businesses. This report shows how cybercriminals can hijack your emails and online services.

4 votes and 0 comments so far on Reddit

Enumerating registered BlackHat attendees with the BCard API

Howdy Folks, The last few months have been some VERY exciting times in the world of identity and security standards. Due to the efforts of a broad set of experts across the industry, we’ve made incredible progress in finalizing a broad set of new and improved…

In this write-up, Ryan Hanson describes his process for identifying and exploiting CVE-2018-0952, an arbitrary file creation vulnerability in the Windows Diagnostics Hub Standard Collector service, allowing for elevation of privileges.

Inception - Provides In-memory compilation and reflective loading of C# apps for AV evasion.

Powershell-SSHTools - A bunch of useful SSH tools for powershell

Over the past two weeks, Ryuk, a targeted and well-planned Ransomware, has attacked various organizations worldwide. So far the campaign has targeted several enterprises, while encrypting hundreds of PC, storage and data centers in each infected company.…

The summer of 2017 culminated the substantial research and development effort of a generic solution to CSRF that could be easily applied…

The patch was issued in APSB18–12:

The patch has been released, please upgrade your MAU to 18081201

Semmle security researcher Man Yue Mo explains how he used Semmle QL's Data Flow library to discover multiple RCE vulnerabilities (CVE-2018-11776) in Apache Struts.

A vulnerability affects all versions of the OpenSSH client released in the past two decades, ever since the application was released in 1999.