Resources
Security resources for you: Blog posts, white papers, security advisories, and educational video content
Blog
Network monitoring with nmap
Asset management is a problem we help many of our customers with. What are an organization's assets, and how accurate and up-to-date is this information? Even with a mature asset management program, organizations want some form of validation of their result. From a...
Android Hard Coded Secrets
One of the more common findings we report for Android security reviews is an issue involving hard coded secrets. This blog post will specifically focus on hard coded secrets used for encrypting application data. I'll try to use a bit of light threat modeling and risk...
Command Injection with USB Peripherals
When this Project Zero report came out I started thinking more about USB as an interesting attack surface for IoT devices. Many of these devices allow users to plug in a USB and then perform some actions with that USB automatically, and that automatic functionality...
Reverse engineering Go binaries using Radare 2 and Python
When reverse engineering a binary application, at its lowest practical layer, the reverse engineer is looking at CPU-specific assembly language. In order to fully understand the application, the reverse engineer would need to understand those lower layers, instruction...
Abusing WebViews to Steal Files via Email
A few months ago, I was testing the email functionality on a company's contact us page, when I sent an email to myself containing: <script> alert("Hi, It's almost lunch time") </script> It actually was close to lunch time, so I wrapped up testing and waited for...
Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks
If you missed Brad's talk, sign up for his Webinar. You might not know it but right now thousands of athletes are training and competing in virtual worlds. I'm not talking about League of Legends or Fortnite. Those games aren't the only eSports in the world. There are...
Web Cache Session Hijacking
In recent years it has become popular to use Content Delivery Networks (CDN) provided by cloud hosting providers. Amazon's CloudFront is an example of a popular CDN. These CDNs can take advantage of HTTP Caching to reduce latency for a global pool of end users. There...
Intro To Inzure: New Tool for Azure Deployments
Carve Contest + Wargame: Exploiting Misconfigured Sudo
