Three security researchers have discovered a variation to an old cryptographic attack that can be exploited to obtain the private encryption key necessary to decrypt sensitive HTTPS traffic under certain conditions.

With each new release of Windows 10, we see more and more useful tools being ported from Linux. First, we had the Windows Subsystem for Linux, which is awesome, and now we have a built-in OpenSSH client and server, which uses version 7.5p1 of OpenSSH.

You can learn an amazing amount of information about your network connections with these three glorious Linux networking commands. iftop tracks network connections by process number, Nethogs quickly reveals what is hogging your bandwidth, and vnstat runs…

NEW: DoJ has caught one of the hackers behind last year’s massive Mirai botnet. Paras Jha has agreed to plead guilty to cyber crime charges in the case, according to federal court records

A simple, fully python ransomware PoC. Contribute to deadPix3l/CryptSky development by creating an account on GitHub.

Cybereason researcher Amit Serper discovers a new variant of TargetingEdge's Mac OSX Pirrit malware, now this adware includes remote access tool RAT capabilities.

Subdomain enumeration tool. Contribute to jonluca/Anubis development by creating an account on GitHub.

Everything a developer needs to know to build secure software in the PHP programming language in the year 2018

It is now commonly accepted as fact that web performance is critical for business. Slower sites can affect conversion rates on e-commerce stores, they can affect your sign-up rate on your SaaS service and lower the readership of your content.

Return of Bleichenbacher's Oracle Threat - ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.

As we have proven in previous research blog posts, malware authors often reuse the same code. This evolution of code and code reuse is seen all throughout the well known Blockbuster campaign and connections between other malware attributed to the Lazarus…

XXE Out of Band testing, explaining how to execute XXE OOB attacks over HTTP & FTP. Additional explanation on XXE RCE.

Part of the NSA cyber weapon framework DanderSpritz is eventlogedit, a piece of software capable of removing individual lines from Windows Event Log files. Now that this tool is leaked and public, …

Rapid7 just wrapped up the second of their Metsploitable3 CTFs, this time for the Linux version of the intentionally vulnerable OS that both beginner and advanced hackers can hone their skills on. They only allowed 500 participants/teams worldwide. I had…

makin - reveal anti-debugging and anti-VM tricks [This project is not maintained anymore] - secrary/makin