28 January 2018

WebsiteBaker CMS 2.10.0 – Multiple SQL Injection Vulnerabilities

The vulnerability exists due to insufficient filtration of user-supplied data. By exploiting this vulnerability, an attacker gains access to all records stored in the database with the privileges of the WebsiteBaker database user.

28 January 2018

Essentials for ICS/SCADA defence

In Summer 2016, as we cranked up our efforts to get deep into the Industry Security landscape, we had the pleasure to host Christine Kinch as our intern and researcher.

28 January 2018

From Firewalls to Honeypots: Citadelo’s Vision for Cybersecurity

Perimeter security is broken. Industrial systems are exposed. And attackers are always one step ahead. At Citadelo, we’ve crafted a masterplan to flip the odds — from honeypots to bug bounties to real-time traps.

28 January 2018

How We Bypassed NOD32 and Hacked a Paranoid Customer

During penetration testing for a big customer, we hacked a number of Microsoft Windows servers. At one point, part of our attack was thwarted by ESET’s NOD32 system.

26 January 2018

ExtendedMacro – BurpSuite plugin

BurpSuite Proxy is one of the most used HTTP proxy applications among web penetration testers. This tool is one of the best in its category, but sometimes we encounter a situation requiring additional functionality which is not provided by Burp itself.

26 January 2018

We found vulnerability of CMS Made Simple

CMS Made Simple is a free, open source CMS that provides developers, programmers and site owners with a web-based development and administration area. In 2010 it won the Packt Publishing annual award for open source content management.