14 votes and 2 comments so far on Reddit

It’s Monday night, there is nothing interesting on TV. I’m on my couch scrolling my Twitter feed when I saw this Fox News’ tweet…

Until the day TLS 1.3 becomes widely supported, web servers must rely on a fallback to TLS 1.2 with correctly configured server directives and strong cipher suites. Pick the wrong settings and you declare an open season on your server. The basics of TLS The…

This post highlights several mistakes in the patches released for vulnerabilities affecting various services of HPE Intelligent Management Center, with a focus on its native binaries.

CVE-2018-17456. GitHub Gist: instantly share code, notes, and snippets.

Use of DNS infrastructure is a staple of blind application testing and data exfiltration. Both of these scenarios are applicable in most pentest engagements but building engagement specific DNS infrastructure can be a pain. Now with so many cloud providers…

A couple months ago, Cody Wass released a blog on how to bypass SSL verification and certificate pinning for Android. I thought it would be a great idea to write up some techniques that I’ve found to work well for iOS. To reiterate from Cody’s blog, being…

In episode 21 of The Secure Developer, Guy meets with Julie Tsai, Head of Security for the RealReal, to discuss ways to manage secure systems and bridge the gap between security and DevOps.

Protect your user data with this step-by-step guide to secure your servers and applications.

A large budget doesn’t guarantee an airtight system and even the largest corporations have been known to overlook many common security liabilities.

Use publicly available tools to quickly start fuzzing browsers.

For the last week, VetSec competed in the Hacktober.org CTF event, which consisted of challenges in forensics, steganography, programming, offensive tactics, web application, reverse engineering, c…

A cookie stealer disguised as a gif image. Contribute to victorqribeiro/cookieStealer development by creating an account on GitHub.

Identifying threats within encrypted network traffic poses a unique set of challenges, i.e. monitoring traffic for threats and malware, but how to do so while maintaining the privacy of the user.

I attended the Messaging, Malware and Mobile Anti-Abuse Working Group (m3aawg.org) meeting in Brooklyn, NY. I expected better weather to wander around the city while enjoying the conference and the neighborhood's wide selection of food. I had been so confident...

A basic reverse engineering challenge for a CTF and a mini intro to RE.

This article will be about using IAT hooking methods for offensive purposes. These methods can be used in multiple situations where attacker needs to evade certain defense and analysis mechanism or hide from the victim in low privileged environments. Before…