The Russo-Ukrainian war continues to rage on in both the physical world and cyberspace, providing an ongoing stream of events to analyze and new security threats to study. While the world is focused on this conflict, other threat actors remain active and mostly unreported.
What Is a Business Email Compromise (BEC) Attack? A Business Email Compromise (BEC), sometimes called a “BEC attack”, begins with threat actors compromising and spoofing emails to impersonate an organization’s CEO, heads of departments, executives, or vendors. It has several characteristics similar to spear-phishing attacks: emails targeted towards a specific individual, enterprise, or business to […]
In this tutorial, we expand on our previous article on AFL by developing a simple exploit using PEDA and Pwntools.
The Solfa Cipher Between May 19th and 21st, 2017, I participated in the NSEC 17 Capture-the-Flag (CtF) event held annually in Montreal, QC. As usual, the team and I had a blast spending days and nights solving challenges and drinking free beer. Among the challenges was a two-part cryptographic puzzle printed on the first and last […]
It’s quite impressive to look back in the past to the early days of software vulnerabilities and observe the ongoing dance between new mitigation and new exploitation techniques. Powerful fuzzing tools are now commonplace and operated on a daily basis by IT corporations and security labs; either to find crashes in their software or others’ […]
The Trendnet TS-S402 is a discontinued network storage enclosure that was sold to individuals for personal data storage. Like every Internet-of-Things (IoT) device, it runs on software programmed and/or configured by the manufacturer before shipping it to the end-user, i.e. the firmware. Firmware versions 2.00.10 and below of this particular device have a serious vulnerability allowing remote […]
Philip Gabriel Pettersson, best known by the pseudonym of “Stakkato”, can be said to have reached legendary status within the computer security community for his numerous successful breaches of high-level targets between 2003 and 2005. Then a 16-year-old hacker from Uppsala, Sweden, he successfully infiltrated systems of large universities, the United States military, NASA and […]