Many users with older versions of Android are prime targets with less hardend security. We will briefly look at the attack surface of an Android device.

Techniques I used when starting a startup and keeping my job as a day trader

It happens to all testers eventually. You come across a file share hosting dozens of database backups. Giddiness ensues as you realize you have full read access and can copy any of them down to your dropbox, until you notice the database backups are tens…

A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their …

Earlier today, we open-source ee-outliers, our in-house developed framework to detect outliers in events stored in Elasticsearch. This blog post is the first of several in which we want to dive a b…

Thread by @3lbios: "So I wanted to encrypt some files. Thought about using 7z+password. Stackexchange folks said "Didn't review it but it sho I did. After a few mins I noticed they use 8byte "random" IV. Yes, h […]" #7zip #encryption #facepalm #randomness

In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin. Recently I came across a blog from the ZDI, in which they detail…

Semi-automatic OSINT framework and package manager - kpcyrd/sn0int

1 vote and 0 comments so far on Reddit

3 votes and 0 comments so far on Reddit

Fully-featured spear-phishing toolkit - web front-end - m1nl/pompa

While it only made the news yesterday, it appears Apple was alerted to a major FaceTime privacy bug over a week ago. Twitter user MGT7500...

Leo Express is a Czech company operating train and bus lines in Central Europe. When I signed up, I noticed that on every page load a GraphQL request is sent to the server, which returns my account information in JSON. GraphQL is a query language for APIs…

A new smart device that “takes the guesswork out of watering.” An IoT device that extends the boundaries of your smart home into the yard…

Apple in August 2018 forced Facebook to remove its Onavo VPN app from the App Store, because Facebook was using it to track user activity and data...

We are excited to start the New Year off with a new release (v0.8.3) of step certificates, the powerful open source certificate management solution. Amongst regular bug fixes, we’ve included some exciting new features!

One of the most critical aspects of crime is to understand intent so we can further understand the increasingly cozy relationship between black hat hackers and white collar criminals

The original mortgage and credit documents involved in the 24 million Elasticsearch data breach also have been found residing in an open Amazon S3 bucket.

Basic Electron Exploitation. Contribute to ctxis/beemka development by creating an account on GitHub.