David García Will Rust save the world? (II) We saw in the previous article the problems of manual memory management, but also the pitfalls of automatic memory management in languages like Java. But what if there was...
David García Will Rust save the world? (I) How Rust, the security-focused open source programming language, improves the outlook for memory error-based vulnerabilities
David García The new end of passwords Password, password, password... How many can you remember if you don't use a password manager? In fact, do you even use a password manager?
David García Where does ransomware attack? Three main pillars It all starts with a tweet from a researcher (Allan Liska from RecordedFuture) announcing that he is compiling a list of vulnerabilities currently being exploited by organised groups in...
David García What’s new in the OWASP 2021 ranking? OWASP, the foundation focused on web application security, has recently updated its ranking of the most prominent risks. Let’s take a look at the new reorganisation of the top,...
David García D3FEND, the other side of the ATT&CK coin We are already familiar with the ATT&CK project of the MITRE corporation. It is a de facto standard that helps us to characterise threats based on the techniques and...
David García The Malware Created in Go Is A Trend And Is Here To Stay Even though it cannot be said that Go is a new programming language (it is already more than ten years old), it does belong to that new batch of...
David García Bestiary of a Poorly Managed Memory (IV) What happens when we use uninitialized memory? Read this article and find out about the latest developments in memory management.
David García Bestiary of a Poorly Managed Memory (III) Our expert David Garcia explains some consequences of poor memory management such as dangling pointers or memory leaks.
David García Bestiary of a Poorly Managed Memory (II) Our expert David Garcia shows what happens when the same block of reserved memory is released twice, the so-called double free.
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick FOCA Final Version, the ultimate FOCA You all know FOCA. Over the years, it had a great acceptation and became quite popular. Eleven Path has killed the FOCA to turn it into a professional service,...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
Florence Broderick Showing certificate chain without validating with Windows "certificate store" (C#) Java has its own independent certificate store. If you wish to view natively in Windows a certificate extracted from an APK or JAR file Windows may not find the...
