If you’re not familiar with domain fronting then the tl;dr is a number of large CDNs route based on the Host: header which means you can connect to google.co...

We’ve teamed up with Burp Suite to offer promising hackers the full capabilities that Burp Suite Pro offers. When you reach at least a 500 reputation and maintain a positive signal, you are eligible for 3-months free of Burp Suite Professional, the premiere…

Greetings and thanks for stopping by! It is with some seriously mixed emotions that I bring this blog post to you, as this post is the culmination of a failed business and nearly two years of heart…

In an effort to increase the adoption of FIDO U2F second factor authentication, we’re releasing Soft U2F: a software-based U2F authenticator for macOS.

Earlier this year I received a Nextdoor message from my County Police Department announcing a “Property LockBox App” they’d released (purchased) for citizens. There was no previous communication regarding this app that I could find, so I was interested in…

Current protocols for securely delegating computation to remote quantum computers require some form of quantum communication, thus limiting secure access to future cloud-based quantum computing resources. A new analysis shows that it is possible to hide critical…

wifi-cracking - Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat 🖧

As I start two write this, it is 6pm in Seattle and getting close to the end of launch day for the Gravityscan badge program. And I am really happy. We already have over 541 websites that have installed the Gravityscan badge and are getting free daily monitoring…

If you’ve ever been pentesting an organization that had LAPS, you know that it is the best solution for randomizing local administrator passwords on the planet. (You should just be leaving them disabled).
LAPS stores it’s information in Active Directory:…

2 points and 0 comments so far on reddit

As famed wifi hacker Samy Kamkar recently said we should move towards low-cost hacking/exploitation tools. NodeMCU is one of such tools, a…

How you can save your valuable data from getting stolen? Well, there are some security certification courses are available for everyone.

SSL/TLS Client Fingerprinting for Malware Detection

6 points and 0 comments so far on reddit

Posted by Gal Beniamini, Project Zero Mobile devices are becoming an increasingly privacy-sensitive platform. Nowadays, devices process ...

Read about "bsideslv" wiki, training, posts, blogs, discussions, overview, Q&A, vendors, products, and events.

Background If you have followed my research on the infamous CVE-2017-0199 zero-day attack, you may know we (w/ my colleague Bing) did a p...

Shared with Dropbox

Summary In this blog post, we are going to explore what the metadata of a document are and why it's such a juicy source of information for advanced attackers. A document's metadata allows to collect various high-sensitive data such as usernames, software…