This is another write up of my recent talk where I share what tools and techniques I use to protect myself from being hacked.

In this white paper, we explore the complementary and interdependent uses of SIEM, SOAR, and EDR technologies. By using these tools in conjunction with clearly defined roles, security operations teams can reduce costs, improve security, and assist human intelligence…

The Taiwan-based tech giant ASUS is believed to have pushed the malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the company’s server and used it to push the malware to machines.

What are the common perils and pitfalls CISOs should consider when investing in corporate application security and Application Security Testing (AST)?

I pretty often meet the question: how to attach an Encase image (.e01) to the virtual machine as a primary bootable disk? Sometimes a digital forensics experts...

Contribute to dobin/clang-cfi-safestack-analysis development by creating an account on GitHub.

There are multiple security vulnerabilities in WordPress plugin Social Warfare. Read more about the XSS and RCE vulnerabilities and attack data.

Learn how BokBot, a banking Trojan that targets financial institutions, can manipulate web traffic for financial fraud in this detailed technical analysis.

0 votes and 1 comment so far on Reddit

Gogs CVEs. Contribute to TheZ3ro/gogsownz development by creating an account on GitHub.

This time I am writing about a dead simple and reliable sandbox exploit which only have one line of code. Yeah I am sure it’s an exploit…

allinfosecnews.com aggregates all of the top InfoSec news into one place.

Abusing SketchUp to make persistence on Windows. Contribute to mthbernardes/BadArchitect development by creating an account on GitHub.

0 votes and 1 comment so far on Reddit

Tl;dr: I’ve recently been playing around with Google services, poking here and there for security vulnerabilities. It’s been a quite a roller-coaster experience

Fuzzlon – Dumb 802.15.4 Fuzzer Enigmatos researches interesting attack-vectors that may hinder vehicles’ security and safety. Recently, as part of our ongoing research, we investigated a peculiar CAN-connected device which has an external radio interface…

Man-in-the-Middle with a Raspberry Pi

Working with containerized applications inherently brings on the question of how to best give these applications access to any sensitive information they may need. This sensitive information can often be in the form of secrets, passwords, or other credentials.…