David García Will Rust save the world? (II) We saw in the previous article the problems of manual memory management, but also the pitfalls of automatic memory management in languages like Java. But what if there was...
David García Will Rust save the world? (I) How Rust, the security-focused open source programming language, improves the outlook for memory error-based vulnerabilities
David García The new end of passwords Password, password, password... How many can you remember if you don't use a password manager? In fact, do you even use a password manager?
David García Where does ransomware attack? Three main pillars It all starts with a tweet from a researcher (Allan Liska from RecordedFuture) announcing that he is compiling a list of vulnerabilities currently being exploited by organised groups in...
David García What’s new in the OWASP 2021 ranking? OWASP, the foundation focused on web application security, has recently updated its ranking of the most prominent risks. Let’s take a look at the new reorganisation of the top,...
David García D3FEND, the other side of the ATT&CK coin We are already familiar with the ATT&CK project of the MITRE corporation. It is a de facto standard that helps us to characterise threats based on the techniques and...
David García The Malware Created in Go Is A Trend And Is Here To Stay Even though it cannot be said that Go is a new programming language (it is already more than ten years old), it does belong to that new batch of...
David García Bestiary of a Poorly Managed Memory (IV) What happens when we use uninitialized memory? Read this article and find out about the latest developments in memory management.
David García Bestiary of a Poorly Managed Memory (III) Our expert David Garcia explains some consequences of poor memory management such as dangling pointers or memory leaks.
David García Bestiary of a Poorly Managed Memory (II) Our expert David Garcia shows what happens when the same block of reserved memory is released twice, the so-called double free.
ElevenPaths Wannacry chronicles: Messi, korean, bitcoins and ransomware last hours It is hard to say something new about Wannacry, (the ransomware itself, not the attack). But it is worth investigating how the attacker worked during last hours before the...
Florence Broderick Another month, another new rooting malware family for Android Several months ago there was a media explosion about Android-rooting malware on Google Play. Those families were discovered by Cheetah Mobile Security Research Lab, Check Point, Lookout, FireEye,...
Florence Broderick Quick and dirty script in Powershell to check certificate fingerprints Malware is using signed binaries to attack Windows systems. Malware needs it to get into the roots of the operative system. So attackers steal or create their own certificates....
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick How to bypass antiXSS filter in Chrome and Safari (discovered by ElevenPaths) Modern browsers usually have an antiXSS filter, that protects users from some of the consequences of this kind of attacks. Normally, they block cross site scripting execution, so the...