Search
What you feed your mind gets reflected in your choices. We curated a list of books that can get focus your energy on your next big challenge, get you out of a rut, or give you the space you need to tinker with your next project.
CVE-2024-6387, aka regreSSHion, is a new critical vulnerability affecting OpenSSH which remote, unauthenticated attackers can use to execute remote code. But there's more to this CVE than meets the eye
To help you find the signal in the noise, I’ve curated the top 12 ethical hacking newsletters to fuel your personal and career growth. Dig into what makes them special and the top 3 resources we cherry-picked from each.
Not all vulnerabilities are alike. Some are true game-changers, uncovering new possibilities, and more layers of complexity to explore. Let’s look at what five of the most notorious vulnerabilities from the past decade taught us - and how they shaped the infosec community.
In February 2024, we set out to compare our Website Vulnerability Scanner against some of the established names in Dynamic Web Application Security Testing, both commercial and open-source: Burp Scanner, Acunetix, Qualys, Rapid7 InsightAppSec, and ZAP.
In January 2024, we decided to evaluate the most used network vulnerability scanners - Nessus Professional, Qualys, Rapid7 Nexpose, Nuclei, OpenVAS, and Nmap vulnerability scripts - including our own, which industry peers can validate independently. Here’s why we did it, what results we got, and how you can verify them (there’s a white paper you can download with access to all the results behind this benchmark).
What does it take to build authentic trust and have a collaborative relationship with your customers? How do you help them create meaningful change in their organization? Which specific actions do you take to make an impact in how they tackle security issues? If you’ve wrestled with these questions, we created this educational guide to help you get more clarity and cultivate meaningful relationships with your customers. Empathy, honesty, clear communication, and understanding clients’ specific needs are some of the most effective strategies offensive security pros use to nurture these relationships with intent.
“Not everything works as configured. Not everyone behaves as trained.” The reality of this statement makes it possible for us, the people in offensive security, to have a job. It also highlights how unpredictable our work can be and how never-ending our learning process is. We work in a space where things are so complex that we need to combine big-picture, higher-level thinking with boost-on-the-ground practice. And our guest today is brilliant at doing just that.
The SSH backdoor would allow remote unauthenticated attackers to achieve remote code execution on the infected systems bypassing the authentication in place. From the information available at the time of writing, the backdoor seems to work only on GNU Linux x86/64 when the SSH server is run as a service by Systemd. Moreover, the library should have been installed by a packet manager. For the exploit to work, one should also expose the SSH server to the Internet so the attacker can interact remotely with it.
Gabrielle isn't just a pentester; she's a powerhouse of knowledge, an advocate for cyber education, and a mentor shaping the future of ethical hacking. With 9+ years of experience in cybersecurity, she focuses on sharing it with her community members through practical and valuable resources. In this episode, we continue to ask the meaningful questions: What makes a great pentester? How can you balance the art of manual testing with the efficiency of automation? What is the unique value that pentesters bring to offensive security? And what can't be commoditized in this craft?
Who or what shapes the perception of penetration testing? How do you step away from firefighting and develop a more systematic approach in your work as a pentester? These are some of the questions we’re answering in this new episode. Today’s guest is Tom Eston, an experienced security professional, team manager, and a true leader in offensive security.
Why would someone spend a lot of their time making penetration testing tools? Especially when it takes what it takes to maintain them. Today on We think we know, we're peeling back the layers of offensive security with the enigmatic Panagiotis Chartas, also known by his alias - Telemachus - a nod to his Greek heritage and the strategic depth of his expertise.
