New Mac malware has been found that intercepts encrypted traffic for the purpose of injecting ads into web pages. But could this adware be used for more devious purposes in the future?

March 2003: MS03-007 released with only the ntdll.dll file, and there was a problem on Windows 2000 SP2 with certain versions of ntoskrnl.ex...

Security compliance is a legal concern for organizations in many industries today. Regulatory standards like PCI DSS, HIPAA, and ISO 27001 prescribe recommendations for protecting data and improving info security management in the enterprise.

Abandoned, shadow and legacy applications undermine cybersecurity and compliance of the largest global companies despite growing security spending.

Like other technology focused on user experience, we often see attackers leveraging the Open Graph Protocol to support nefarious activities.

Cymulate’s research team has discovered a way to abuse the Online Video feature on Microsoft Word to execute malicious code. Attackers could use this for malicious purposes such as phishing, as the document will show the embedded online video with a link…

Bluetooth Low Energy (BLE) is a wireless standard, widely used to communicate Android and iOS mobile applications with devices of many kinds. These include home security, medical and other which may exchange sensitive data or perform sensitive operations.…

Earlier this year, I decided to take a sabbatical. I wanted to reflect on my infosec work and decide what I would like to focus on in the coming years. As you probably know, I’ve spent the last nine years mostly fighting the battle to secure the endpoint…

an asynchronous target enumeration tool. Contribute to welchbj/bscan development by creating an account on GitHub.

Content of Exploitation, What is an exploit?, Types of exploits, Local remote and 0day exploits, Exploit Databases, Example Exploit Scenarios

A mistake in the process used by the Signal Desktop application to encrypt locally stored messages leaves them wide open to an attacker.

By using the nginx auth_request module and Lasso you can protect any application running behind your nginx reverse proxy with OAuth. Lasso…

4 votes and 0 comments so far on Reddit

Backwards program slice stitching for automatic CTF problem solving. - ChrisTheCoolHut/Rocket-Shot

BlackEye Phishing Kit in Python w Serveo Subdomain Creation - M4cs/BlackEye-Python

Video Walkthrough: Introduction: This week’s retiring machine is Bounty, which is a beginner-friendly box that can still teach a few new tricks.  Bounty is rated 4.8/10, which I feel is prett…

PoC for persisting .NET payloads in Windows Notification Facility (WNF) state names using low-level Windows Kernel API calls. - ustayready/CasperStager