ModSecurity v3 and URI Fragments
ModSecurity is an open-source WAF engine maintained by Trustwave. This blog post discusses an input ...
Read MoreModSecurity is an open-source WAF engine maintained by Trustwave. This blog post discusses an input ...
Read MoreOn, July 2nd, a massive ransomware attack was launched against roughly 60 managed services ...
Read MoreSometimes when pen-testing a large network you come across a few exposed web hosts running ...
Read MoreSometimes when pen-testing a large network you come across a few exposed web hosts running ...
Read MoreThe use of novel disk image files to encapsulate malware distributed via spam has been a theme that ...
Read MoreBackground On May 25th, 2021, VMWare released patches to address VMSA-2021-0010, a critical ...
Read MoreSummer is officially here and with it June's Patch Tuesday. This is a surprisingly light month with ...
Read MoreIn today's world, more and more devices are connected to the Internet for on-the-go connectivity. ...
Read MoreUntil recently, I really didn't care about web applications on an internal penetration test. ...
Read MoreIn the May 2021 Microsoft update, Microsoft patched an HTTP.sys vulnerability that has the ability ...
Read MoreSharepoint is generally used as an intranet site, to share news and other internal company ...
Read MoreMay's Patch Tuesday is upon us and probably the most surprising thing about the release is that ...
Read MoreIntroduction In this post, we analyze a piece of malware that we encountered during a recent breach ...
Read More“All your base are belong to us”, Zero game 1992
Read MoreApril's Patch Tuesday is upon us and it is showering us with patches for a total of 108 CVEs. This ...
Read MoreThis blog investigates an interesting phishing campaign we encountered recently. In this campaign, ...
Read MoreUmbraco version 8.9.0 (also seen in 8.6.3) has a privilege escalation issue in the core ...
Read MoreFrom time to time, we all receive some unexpected messages. Either through social media or email. ...
Read MorePicture the scene, you’re on an application penetration test (as a normal user) and you’ve managed ...
Read MoreThe recent Microsoft Exchange Server zero-day exploits (CVE-2021-26855, CVE-2021-26857, ...
Read MoreThe .zipx file extension is used to denote that the ZIP archive format is compressed using advanced ...
Read MoreThe March Patch Tuesday is here and it's been an unfortunately busy month for Microsoft. Earlier ...
Read MoreAgent Tesla is a common Remote Access Trojan (RAT) discovered in 2014. This threat is capable of ...
Read MoreFebruary is here and with it comes a relatively light Patch Tuesday. Only 56 CVEs are being patched ...
Read MoreUpdates: This blog post was updated Feb. 9 to include Proof-of-Concept (PoC) code.
Read MoreThe first Patch Tuesday of 2021 is here and the year is starting out lighter than most. Perhaps a ...
Read MoreDescription: This blog post focuses on the privacy issues that Microsoft Teams & Skype desktop ...
Read More