Attack Surface Management (ASM) focuses on identifying, monitoring, and mitigating potential vulnerabilities and risks across an organization’s entire digital footprint, including both known and unknown assets, to reduce the potential attack surface. Here’s a more detailed explanation: Continuous Process: ASM is not a one-time task, but rather a continuous process of discovery, analysis, prioritization, remediation, Read More …
Author: tmack
Conference Video – Defending Against PowerShell Attacks
Dutch PowerShell User Group – 3rd PowerShell Saturday 2017-04-08
Hacker TV – What Is An XXE Attack?
XML files can incorporate inline references to other documents. Unsafe treatment of external references allows an attacker to probe your file system for sensitive information – an XML External Entity (XXE) attack.
clean up /boot (for Ubuntu at least)
Here is a quick set of commands to clean up the /boot partition on an Ubuntu Linux system. First check what your kernel version is so you won’t delete the running kernel image: uname -r Now run this for a list of installed kernels: dpkg --list 'linux-image*' | grep ^ii Delete the kernels you don’t Read More …
What are the advantages of FASP
The speed increases are achieved by sending larger packets than TCP, not waiting for confirmation that a packet has been received before sending the next one, and only re-sending packets that are confirmed as having been dropped. FASP (Fast and Secure Protocol), used in IBM Aspera, offers significant advantages for cloud data transfer, enabling faster, Read More …
Conference Video – Invoke-Obfuscation: PowerShell obFUsk8tion
PowerShell has increasingly become the de facto standard for penetration testers and hackers alike. It enables attackers to “live off the land” by using a Microsoft-signed binary that can execute remote code entirely in memory while bypassing both A/V and application whitelisting solutions. Today’s detection techniques monitor for certain strings in powershell.exe’s command-line arguments. Read More …
What are Cascading Style Sheets?
CSS, short for Cascading Style Sheets, is a stylesheet language used to control the appearance and layout of web pages. Introduced by the World Wide Web Consortium (W3C) in 1996, CSS separates the content of a website (structured with HTML) from its visual presentation, allowing developers to create aesthetically pleasing and user-friendly designs. Core Concepts Read More …
Conference Video – Win32 Exploit Development With Mona and the MSF Framework
In this talk, Corelanc0d3r and Nullthreat will walk the audience through the process of writing exploits for Win32 User Land, while elaborating on the subtleties of writing effective and reliable exploits that bypass common memory protections. Using a number of example exploits, they will demonstrate how the various functions available in mona.py, the Corelan Team Read More …
Don’t track my kids
A blurb of a post this time, but something I want to make sure everyone is aware of. Remember, Remember If your kids are a member Then they became the product and the future is out of luck Don’t track my kids We need to make sure our kids get a chance to be kids, Read More …
BGP: The Backbone of Internet Routing and Its Security Challenges
In the vast and interconnected world of the Internet, one of the most critical protocols ensuring the flow of data is Border Gateway Protocol (BGP). BGP is the routing protocol that enables different autonomous systems to communicate and exchange routing information. Without BGP, the Internet as we know it would not be able to function, Read More …