5 min
Ransomware
WannaCry, Two Years On: Current Threat Landscape
In this blog, we take a look at the current attacker landscape related to EternalBlue and ransomware, along with some lessons that have not been learned since WannaCry.
9 min
Vulnerability Management
Medical Device Security, Part 3: Putting Safe Scanning into Practice
In this blog post, we put the theory we've built out in our medical device scanning series into practice.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 5/10/19
A new Chrome browser exploit, some WebLogic RCE, and an exploit for PostgreSQL. Also announcing the return of our annual Open-Source Security Meetup in Vegas!
4 min
Research
Extracting Firmware from Microcontrollers’
Onboard Flash Memory, Part 4
In our fourth and final part of this ongoing series, we will conduct further firmware extraction exercises with the Texas Instruments RF microcontroller.
7 min
Vulnerability Management
Medical Device Security, Part 2: How to Give Medical Devices a Security Checkup
In part two of our series, we get into the weeds of medical device scanning and examine how to directly perform assessments on medical devices.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 5/3/19
Better persistence options thanks to two new modules for Yum and APT package managers. Plus, new exploits for Rails DoubleTap and Spring Cloud Config.
4 min
InsightAppSec
How InsightAppSec Can Help You Improve Your Approach to Application Security
In this post, we’ll explore why modern apps require modern testing and how our DAST tool, InsightAppSec, is leading the way with the most sought-after needs for application security teams.
4 min
IoT
Extracting Firmware from Microcontrollers'
Onboard Flash Memory, Part 3: Microchip PIC Microcontrollers
In this blog, we will conduct another firmware extraction exercise dealing with the Microchip PIC microcontroller (PIC32MX695F512H).
7 min
Vulnerability Management
Medical Device Security, Part 1: How to Scan Devices Without Letting Safety Flatline
When scanning medical devices, it's important to manage risk, be intentional and tread lightly, and never scan computers that are plugged into people.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 4/26/19
Faster tab completion for `set PAYLOAD` and faster output for `show payloads`. Plus, four new exploits, including unauthenticated template injection for Atlassian Confluence and Ruby on Rails DoubleTap directory traversal.
3 min
IoT
Extracting Firmware from Microcontrollers'
Onboard Flash Memory, Part 2: Nordic RF Microcontrollers
In this blog, we will conduct another firmware extraction exercise dealing with the Nordic RF microcontroller (nRF51822).
5 min
Capture the Flag: Red Team vs. Cloud SIEM
Here's how InsightIDR fared in a recent Capture the Flag (CTF) meetup with a special blue-team element.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 4/19/19
A more useful use command
From among the many musings of longtime contributor/team member Brent Cook
, in a combined effort with the ever-present wvu
, the use command has become so much more useful. PR
11724 takes new
functionality from
search -u one step further by automatically appying it when use is called with a
uniq
5 min
Application Security
How to Choose the Right Application Security Tool for Your Organization
In this post, we’re taking a look at the various application security testing technologies and how to determine which is best for your organization.
3 min
Research
Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 1: Atmel Microcontrollers
As part of our ongoing discussion of hardware hacking for security professionals, this blog covers the Amtel Atmega2561 microcontroller.