Latest Content

Tech Blog

Breaking HTTPS in the IoT: Practical Attacks For Reverse Engineers

Jun 30, 2020 5:00:00 AM | By Nathan Elendt,

As the old joke goes, the ‘S’ in “IoT’ stands for security. While (Internet of) Things can vary wildly in design robustness and overall security,... continue reading

Tech Blog

Stop Treating Breaches Like Natural Disasters: A New Mindset for Application Security

Jun 25, 2020 5:00:00 AM | By Dan Petro,

Application security is a complex topic that can be viewed through many lenses, and each is valuable when used in the right context. There’s one... continue reading

Tech Blog

How to Set Up Your Hardware Lab

Jun 23, 2020 5:00:00 AM | By Jordan Parkin,

In recent years, embedded device security has made its way into the public consciousness as attackers target the now ubiquitous smart devices in... continue reading

Advisories

SecureAuth Version 9.3

Jun 19, 2020 5:00:00 AM | By Chris Davis, Robert Punnett

ADVISORY SUMMARY One low-risk vulnerability was discovered within the SecureAuth IdP v9.3 application. This vulnerability could allow malicious... continue reading

Industry Blog

A Guide to Digital Reconnaissance

Jun 16, 2020 5:00:00 AM | By Daniel Wood,

WHAT IS DIGITAL RECONNAISSANCE? Digital reconnaissance is a way of collecting intelligence about an organization or target without actively... continue reading

Advisories

DigDash Enterprise: Versions 2018R2-2020R1

Jun 15, 2020 5:00:00 AM | By Florian Nivette,

ADVISORY SUMMARY The following document describes three identified vulnerabilities (one high-risk, one medium-risk, one low-risk) in the DigDash... continue reading

Advisories

OOB to RCE: Exploitation of the Hobbes Functional Interpreter

Jun 12, 2020 7:52:27 AM | By Jake Miller

ADVISORY SUMMARY CVE-2020-13656: In Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an... continue reading

Industry Blog

Lessons Learned from Years of Red Teaming

Jun 9, 2020 5:00:00 AM | By Daniel Wood,

Red teaming can mean a lot of things to a lot of people. In the truest sense, and how we will define it here for the purpose of this article, red... continue reading

Industry Blog

Quantifying the Impact of Micro-Segmentation

Jun 4, 2020 6:00:00 AM | By Bishop Fox,

Too often in the security industry, we hear of solutions or tools that will help make your business become “more compliant” or “improve your... continue reading

Latest Articles

DARK Reading

RMIScout: Safely and Quickly Brute-Force Java RMI Interfaces for Code Execution

EYEBALLER

Dufflebag: Uncovering Secrets in Exposed EBS Volumes

Latest Content

Breaking HTTPS in the IoT: Practical Attacks For Reverse Engineers

Stop Treating Breaches Like Natural Disasters: A New Mindset for Application Security

How to Set Up Your Hardware Lab

SecureAuth Version 9.3

A Guide to Digital Reconnaissance

DigDash Enterprise: Versions 2018R2-2020R1

OOB to RCE: Exploitation of the Hobbes Functional Interpreter

Lessons Learned from Years of Red Teaming

Quantifying the Impact of Micro-Segmentation

Latest Articles

7 Must-Haves for a Rockin' Red Team

Is your perimeter inventory leaving you exposed? Why it’s time to switch from IP to DNS

What Your Company Needs to Know About Hardware Supply Chain Security

Get Organized Like a Villain

6 Best Practices for Performing Physical Penetration Tests

Red teaming: Why a forward offense is the best defense

Is Your Company Ready For A Bug Bounty Program?

CONSULTING SERVICES

CONSULTING SERVICES

PARTNER PROGRAMS

LABS | RESEARCH & RESOURCES

CAREERS

COMPANY

COMMUNITY

CONTACT

ADDRESS

Latest Content

Popular Picks

FIND OUT FIRST

Latest Articles

CONSULTING SERVICES

CONSULTING SERVICES

PARTNER PROGRAMS

LABS | RESEARCH & RESOURCES

CAREERS

COMPANY

COMMUNITY

CONTACT

ADDRESS