Sniffglue – Network Sniffer

sniffglue is a network sniffer written in Rust. Network packets are parsed concurrently using a thread pool to utilize all CPU cores. The project goals are that you can run sniffglue securely on untrusted networks and that it must not crash when processing packets. The output should be as useful as possible by default. Usage Installation Arch Linux Mac OSX Debian/Ubuntu/Kali […]

Reverse Engineering resources

A curated list of awesome reversing resources. Books: Reverse Engineering Books: The IDA Pro Book; Radare2 Book; Reverse Engineering for Beginners; The Art of Assembly Language; Practical Reverse Engineering; Reversing: Secrets of Reverse Engineering; Practical Malware Analysis; Malware Analyst’s Cookbook; Gray Hat Hacking; Access Denied; The Art of Memory Forensics; Hacking: The Art of Exploitation; Fuzzing for Software Security; Art […]

What enterprise needs to know about Windows 11

We’ve collected some of the most salient points about the upcoming Windows 11, the ones enterprise IT admins will most need to know. So much for that promise. You know, the one Microsoft made six years ago when it told customers that Windows 10 was “the last version of Windows” they’d see. Instead, Windows 10 will end — also as […]

D3FEND – NSA Funds the Development

The U.S. government’s National Security Agency (NSA) on June 22, 2021 announced plans to fund the development of a knowledge base of defensive countermeasures for the most common techniques used by malicious hackers. The project, called D3FEND, is available through the non-profit MITRE Corporation as a catalogue of defensive cybersecurity techniques and their relationships to offensive/adversary techniques. The primary goal […]

Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack

New research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach who presented the findings today at the Black Hat security conference, said that the attacks highlight how web servers and HTTP proxy servers are still susceptible to […]

Cybersecurity Practices That Protect Your Small Business

Entrepreneurs think lack of customers, bad service and limited capital are what cause bankruptcy. Try being a victim of cybercrime. Success instills pride. Unfortunately, valuable possessions also attract thieves. The National Cyber Security Alliance found that 60 percent of companies […]

Cybersecurity Experts Comment on Phishing Campaign That Can Bypass MFA

The Cofense Phishing Defense Center has discovered the latest of cybercriminals’ tricks: a phishing campaign that bypasses MFA. Unlike other credential harvesting attacks, the scam attempts to trick users into granting permissions to an application that then proceeds to bypass multifactor authentication. Leveraging the OAuth2 framework and OpenID Connect protocol, this campaign’s main goal is to steal user information […]

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020. Called “FritzFrog,” the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according to a report released by […]

Critical Jenkins Server Vulnerability Could Leak Sensitive Information

Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed. Tracked as CVE-2019-17638, the flaw has a CVSS rating of 9.4 and impacts Eclipse Jetty versions 9.4.27.v20200227 to 9.4.29.v20200521—a full-featured tool that provides a Java HTTP server and […]

Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2

Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities. Tracked as CVE-2020-1530 and CVE-2020-1537, both flaws reside in the Remote Access Service (RAS) in the way it manages memory and file operations and could let remote attackers gain elevated privileges after […]