All Posts

3 min Vulnerability Management

How SOAR Is Disrupting Traditional Vulnerability Management

In a recent episode of Whiteboard Wednesday, we dive into how security orchestration, automation, and response (SOAR) is changing traditional vulnerability management.
5 min Ransomware

WannaCry, Two Years On: Current Threat Landscape

In this blog, we take a look at the current attacker landscape related to EternalBlue and ransomware, along with some lessons that have not been learned since WannaCry.

9 min Vulnerability Management

Medical Device Security, Part 3: Putting Safe Scanning into Practice

In this blog post, we put the theory we've built out in our medical device scanning series into practice.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 5/10/19

A new Chrome browser exploit, some WebLogic RCE, and an exploit for PostgreSQL. Also announcing the return of our annual Open-Source Security Meetup in Vegas!
4 min Research

Extracting Firmware from Microcontrollers’ Onboard Flash Memory, Part 4

In our fourth and final part of this ongoing series, we will conduct further firmware extraction exercises with the Texas Instruments RF microcontroller.
7 min Vulnerability Management

Medical Device Security, Part 2: How to Give Medical Devices a Security Checkup

In part two of our series, we get into the weeds of medical device scanning and examine how to directly perform assessments on medical devices.
2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 5/3/19

Better persistence options thanks to two new modules for Yum and APT package managers. Plus, new exploits for Rails DoubleTap and Spring Cloud Config.
4 min InsightAppSec

How InsightAppSec Can Help You Improve Your Approach to Application Security

In this post, we’ll explore why modern apps require modern testing and how our DAST tool, InsightAppSec, is leading the way with the most sought-after needs for application security teams.

4 min IoT

Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 3: Microchip PIC Microcontrollers

In this blog, we will conduct another firmware extraction exercise dealing with the Microchip PIC microcontroller (PIC32MX695F512H).

7 min Vulnerability Management

Medical Device Security, Part 1: How to Scan Devices Without Letting Safety Flatline

When scanning medical devices, it's important to manage risk, be intentional and tread lightly, and never scan computers that are plugged into people.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 4/26/19

Faster tab completion for `set PAYLOAD` and faster output for `show payloads`. Plus, four new exploits, including unauthenticated template injection for Atlassian Confluence and Ruby on Rails DoubleTap directory traversal.

3 min IoT

Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 2: Nordic RF Microcontrollers

In this blog, we will conduct another firmware extraction exercise dealing with the Nordic RF microcontroller (nRF51822).

5 min

Capture the Flag: Red Team vs. Cloud SIEM

Here's how InsightIDR fared in a recent Capture the Flag (CTF) meetup with a special blue-team element.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 4/19/19

A more useful use command From among the many musings of longtime contributor/team member Brent Cook , in a combined effort with the ever-present wvu , the use command has become so much more useful. PR 11724 takes new functionality from search -u one step further by automatically appying it when use is called with a uniq
5 min Application Security

How to Choose the Right Application Security Tool for Your Organization

In this post, we’re taking a look at the various application security testing technologies and how to determine which is best for your organization.

Popular Topics

Tags