web analytics

Currently Browsing: April 2019

Creating Custom Malware with MSFvenom

When Offensive Security combined MSFpayload and MSFencode into one solidified MSvenom framework they enabled penetration testers to quickly create custom malware and shellcode. Try it yourself to see how easy it is to get a remote shell on a victim’s computer 1 – First you need to determine what format you want your malware to […]


Akamai Report Details Over 30 Billion Credential Stuffing Attacks in 2018

Credential stuffing is far from a new technique yet people’s propensity to re-use credentials has escalated the number of organizations trying to gain initial access through this vector. The opportunity for credential stuffing occurs when a data breach of user names and passwords is stolen from an organization. The hacker takes the hashed passwords and […]


Responsible Disclosure Gone Wrong – Unpatched Zero-Days in the Wild for Microsoft Edge and Internet Explorer

How long should you wait to release an exploit publicly after you notify a company of a flaw in their software? Some organizations like CERT have a 45-day disclosure policy while Google’s Project Zero has a 90-day policy and ZDI has up to 120-days.  Balancing the right amount of time can be tricky but a […]


Latest Software Supply Chain Attack Hits ASUS

In an attack now being dubbed ShadowHammer, Taiwan based tech company ASUS was compromised by a hacking team that used its trusted update to push malware down to half a million users throughout the globe. This is the latest software supply chain attack in a growing trend where hackers are gaining initial access to systems […]