Kaspersky experts detail the journey of the victims' data after a phishing attack. We break down the use of email-based phishing kits, Telegram bots, and customized administration panels.
Check out the most critical threats to agentic AI applications, and then dive into the worst software weaknesses of 2025. Plus, learn about pro-Russia hacktivists’ attacks against critical...
ok.. so im in my room finally catching up on sleep (or will be in a few minutes) while most people are finishing Microsofts booze at the PURE microsoft party.. BlackHat is over, which means...
Hey guys.. Our BlackHat/Defcon talk this year featured a few tools that we promised to release.. The first tool, or set of tools is reDuh which can be found [here]. reDuh is made up of 2 parts, a...
This has probably been pondered, but something occurred to me whilst entering my new home.. The guard house grants access based on your fingerprint. The system works pretty sweetly.. Now.. because...
Ok.. so we have an outside gate type thing that leads to our garden. Since we would probably get to the gate at random points of the day / week we figured a combination lock would make sense. Now...
Ok.. so after many moons of making excuses for not making our internal blog public we have decided on a happy compromise.. Some of the “work-safe” posts from internal, will make its way out here.....
Aaron Adams over at SYMANTEC, did a quick check on the version of Samba running on currently up to date OSX machines and found that the Macs were still running 3.0.10. He did a quick mod on the...
[Yahoo pipes] looks like an awesome way for even non-programmers to create web mashups trivially. Aside from the fact that its interface is super-cool, it brings an interesting dimension to next...
Ars Technica is reporting on the law suit filed in 2006 by Martin Bragg who accused Linden labs of wrongfully seizing his virtual land. -snip- Linden Lab filed two motions to dismiss the suit,...
Jeremiah from WhiteHatSec has just written a quick piece on how to find your websites. Now Footprinting is obviously dear to our hearts, with 3 Blackhat talks on it (or applications of it)...
Check out http://hongkong.langhamplacehotels.com/accom/technology.htm in Hong Kong. They provide Cisco IP phones in the rooms, but with a difference. According to an article I read in TIME the...
Scheduled tasks and services are often run as accounts with excessive privileges (HP Insight, backups etc) instead of limited service accounts. By exploring the tasks under c:\windows\tasks or the...
VMware have just released beta4 of its Fusion product for OSX. The initial beta was hard to justify and a little flaky, which allowed Parallels to take an early lead. We still have people in the...
After a six hour delay due to technical problems *before* my journey even started I’m finally on the plane and waiting for take off. Tag an additional five hour delay due to a missed connection in...
R J Hillhouse (who has a fascinating background) found that when she double clicked a graph on a slide deck belonging to the office of national intelligence (available from the DIA website), the...
Gareth linked to David Maynor’s blog where he documents the results of some simple fuzzing against the new Win32 port of Safari. Of course fanboys everywhere are going to be on this one like,...
Whew. After much last-minute war with PPT C# and ORM our slides and Beta 1.0 of our tool are available on our research site. I think the slides are pretty neat, and I’m *very* excited about the...
BlackHat Vegas is almost on us again, and this will be the 6th year running that we present there.. This year Marco and i will be taking a new look at some old attacks.. The bulk of the talk will...
Mark Shuttleworth on his blog makes it clear -snip- “We have declined to discuss any agreement with Microsoft under the threat of unspecified patent infringements.” … I have no objections to...
First IBM announced their interest in Watchfire, and now HP announces their interest in SPI Dynamics. “Consolidation in the industry” is one of those horrible phrases that are always bandied about...
Many years ago, when we first released ‘Setiri’ one of the controls that we preached was website white-listing. As talk-back trojans would connect back to arbitrary web servers on the Internet, we...
The Black Hat Briefings is arguably the most significant technical security conference in the world. It takes every year in Las Vegas and also includes a series of diverse technical training...
A short while back, a discussion broke out on a mailing list about the nature of being a pen-tester. The discussion quickly gravitated towards the number of “security” companies where numbers of...
Richard Bejtlich didnt give the pre-release a glowing review but i know at least a few people waiting eagerly to get their hands on the new “Fuzzing: Brute Force Vulnerability Discovery by Michael...
Someone in the office was discussing Microsoft’s recent horrible foray into the anti-virus market. Apparently an online source held one-care as faring worse than a simple man with a perl script. A...
ok.. some of you in the office would have heard me whine when vmware fusion recently started taking my whole machine down occasionally. The joy of it being the whole machine is that ive lost my...
hmmm… i have heard this somewhere before…. ” However, in cases where your finger is used to identify or authenticate you, it’s much harder to change your password. ” /mh
Google have finally revised their cookie expiration policy, which will have user cookies expiring after 2 years. (For those of you who think this is too long, it needs to be kept in mind that this...
Deels stumbled on www.simpsonizeme.com to give me mh, the springfield edition.. Combine with your intranet mug-shots, and it could give you hours of lost productivity..