-
Dec 18, 2017
In this great talk at Black Hat Europe 2017, Mark Ermolov and Maxim Goryachy of Positive Technologies talk about the Intel Management Engine subsystem and how the recently discovered vulnerabilities can be used to compromise a system.
… read more »
-
Dec 15, 2017
This article on Microsoft’s TechNet Blog is really interesting: Moti Bani explains how to investigate suspicious activity on servers using the Sysmon tool.
… read more »
-
Dec 13, 2017
Recently I needed to migrate the contents of a WordPress 2.1.7 site (really old!) to a new installation based on WordPress 4.9.1.
… read more »
-
Dec 11, 2017
Metasploit Framework is a priceless open-source tool for developing and executing exploit code against a remote target machine.
… read more »
-
Dec 8, 2017
DLLs (dynamic-link libraries) are Microsoft’s implementation of the shared library concept and provide a mechanism for shared code and data, allowing a developer of shared code/data to upgrade functionality without requiring applications to be re-linked or re-compiled.
… read more »
-
Dec 6, 2017
People reuse passwords all the time. How can I check for and prevent credential stuffing attacks?
… read more »
-
Dec 4, 2017
Do you want to become a programmer?
… read more »
-
Dec 1, 2017
RadioCarbon is an interesting tool developed by Florian Roth, focused on checking the age and origin of a credential leak:
… read more »
-
Nov 29, 2017
UPDATE - Apple released the security patch for the bug:
… read more »
-
Nov 29, 2017
Please note:
… read more »
-
Nov 28, 2017
Two vulnerabilities and an exploit POC impacting the Exim MTA have been publicly disclosed, identified as CVE-2017-16943 & CVE-2017-16944
… read more »
-
Nov 27, 2017
This post on arno0x0x’s blog is awesome: an accurate analysis of some ‘one-line commands’ that can be used on a Windows system in order to download a malicious payload and execute it.
… read more »
-
Nov 24, 2017
FatCat is a tool designed to manipulate FAT filesystems, in order to explore, extract, repair and recover them, and to perform forensics on them.
… read more »
-
Nov 23, 2017
A fresh advisory from SAMBA.org:
… read more »
-
Nov 22, 2017
I have already written some posts about “Process Hollowing” (like this). However, I’ve never published any practical example.
… read more »
-
Nov 20, 2017
Quad9 is a free security solution that uses DNS to protect systems against the most common cyber threats.
… read more »
-
Nov 18, 2017
NOTHING TO HIDE is an independent documentary dealing with surveillance and its acceptance by the general public through the “I have nothing to hide” argument.
… read more »
-
Nov 17, 2017
Santoku is a bootable Linux distribution focused on mobile forensics, analysis, and security.
… read more »
-
Nov 15, 2017
I have written a lot of tutorials about Volatility; now let’s try to use this information in a real context, extracting the password hashes from a Windows memory dump in 4 simple steps.
… read more »
-
Nov 13, 2017
SQLiv is a Python-based scanning tool that uses Google, Bing or Yahoo for targeted scanning, focused on revealing pages with SQL injection vulnerabilities.
… read more »