For technical nomads, this is your guide to everything in cybersecurity

Stay secure while teleworking

Working from home reduces the chance of spreading the virus, but it exposes us to other types of risks.

Testlink 1.9.20: Unrestricted file upload and SQL injection

Testlink is an open-source, web-based test management and test execution system written in PHP (a scripting language also known as Hypertext Preprocessor).

The rise of Emotet

Emotet is a multipurpose malware that is mainly distributed through spam emails. It was first spotted in 2014 and was designed to steal bank account details.

4 steps to manage cybersecurity incidents

We define a cybersecurity incident as any event that can harm a system’s confidentiality, integrity or availability.

Execution – Powershell (T1086)

PowerShell is a command-line interface (CLI) with command and scripting capabilities. Its main audience is system administrators, who use it to automate and control tasks.

Initial Access – Drive-by Compromise (T1189)

This post is the first in a series that will provide a better understanding of the techniques used by adversaries to reach their tactical objectives.

Basics – Linux Events Logging

In this post we will cover the basics of event logging in Linux systems. We will talk about Syslog: message structure, the most famous implementations and the main configurations.

In-depth Freemarker Template Injection

During a recent engagement, our AppSec team faced an interesting instance of limited Server-Side Template Injection in Freemarker.

First proactive behavioral analytics solution CylancePERSONA

Newest Addition to Leading Native AI Platform Provides Continuous User Authentication Across the Organization Using the Cylance Trust Score.

An unusual case of Client SQL Injection

It is widely known how dangerous using unsanitized data in SQL queries can be.

Recovering SQLCipher encrypted data with Frida

Our AppSec team has faced the SQLCipher library during some recent security audits of mobile applications. According to their GitHub README:

A walkthrough of the new Windows 0 day released on Twitter

Recently, a new zero-day vulnerability was made public following a tweet from @SandboxEscaper, who claimed to be frustrated with Microsoft and their bug submission process.