In this post we will cover the basics of Event Logging in Linux systems. We will talk about Syslog: Message structure, the most famous implementations and main configurations.
During a recent engagement, our AppSec team faced an interesting instance of limited Server Side Template Injection in Freemarker.
It is widely known how dangerous using unsanitized data in SQL queries can be.
Recently, a new zero-day vulnerability was made public following a Tweet from @SandboxEscaper, who claimed to be frustrated with Microsoft and their bug submission process.
Etienne Stalmans (@_staaldraad) recently discovered a Remote Code Execution vulnerability in the version-control software Git (CVE-2018-11235).
Mathy Vanhoefm published a set of attacks against the Wi-Fi security protocol WPA2 with the name Key Reinstallation Attacks, or KRACKS.
Between September 6 and 9, the second radare2 conference (r2con) took place in Barcelona. This security conference is mainly focused in radare2, an open-source framework for reverse engineering with a great and active community.
The internet is full of bad guys that are constantly scanning all IP addresses looking for unpatched services, misconfigured servers, or simply gathering information from new targets.