Time for the U.S. to Strike Back?
SolarWinds could be the start of a U.S.-Russia cyberwar
Here you can find experts' opinions about the SolarWinds attack and some suggestions that could...
And Don't Forget ISO/IEC 30111
Guidelines for the vulnerability handling processes
This post is related to vulnerability handling processes (ISO/IEC 30111), complementing the...
Don't Be Ignorant of ISO/IEC 29147
Guidelines for the vulnerability disclosure processes
Would you like to get a clearer idea about vulnerability disclosure? Start with reading this...
Sudo Heap Overflow CVE-2021-3156
Replicating CVE-2021-3156 with AFL
In this article we will be able to reproduce the bug described on CVE-2021-3156 using fuzzing.
Thoughtless Vulnerability Reporting
The Colombian Foreign Ministry faced a big trouble
Here I give you an overview of the recent Colombian Foreign Ministry's security problem and the...
SolarWinds Supply Chain Attack
A concise summary of the SolarWinds security fiasco
This post outlines the SolarWinds supply chain attack that has affected multiple companies and...
Babuk Locker for the 2021
The first ransomware (as a gift) for this new year
Here's a post dedicated to the new form of ransomware, Babuk Locker. I mention its encryption...
Interview With Safety Detectives
Mauricio Gomez talking about Fluid Attacks
Mauricio Gomez, a co-founder of Fluid Attacks, recently had an interview with Aviva Zacks of...
Exploiting MiTeC NetScanner
Tricky SEH exploit
This post will show how to build our version of an exploit for NetScanner 18.104.22.168, which was...
Vulnserver Reverse Engineering
The devil is in the details
This post will show how use reverse engineering techniques and tools to find vulnerabilities on...
Exploiting QuickZip 4.x
This post will show how to build our version of an exploit for QuickZip 4.x SEH overwrite.
Online Voting for a New President?
The trouble with OmniBallot and other voting platforms
In this post, we show you the exposed vulnerabilities of one of the many online voting options...