David García Will Rust save the world? (II) We saw in the previous article the problems of manual memory management, but also the pitfalls of automatic memory management in languages like Java. But what if there was...
David García Will Rust save the world? (I) How Rust, the security-focused open source programming language, improves the outlook for memory error-based vulnerabilities
David García The new end of passwords Password, password, password... How many can you remember if you don't use a password manager? In fact, do you even use a password manager?
David García Where does ransomware attack? Three main pillars It all starts with a tweet from a researcher (Allan Liska from RecordedFuture) announcing that he is compiling a list of vulnerabilities currently being exploited by organised groups in...
David García What’s new in the OWASP 2021 ranking? OWASP, the foundation focused on web application security, has recently updated its ranking of the most prominent risks. Let’s take a look at the new reorganisation of the top,...
David García D3FEND, the other side of the ATT&CK coin We are already familiar with the ATT&CK project of the MITRE corporation. It is a de facto standard that helps us to characterise threats based on the techniques and...
David García The Malware Created in Go Is A Trend And Is Here To Stay Even though it cannot be said that Go is a new programming language (it is already more than ten years old), it does belong to that new batch of...
David García Bestiary of a Poorly Managed Memory (IV) What happens when we use uninitialized memory? Read this article and find out about the latest developments in memory management.
David García Bestiary of a Poorly Managed Memory (III) Our expert David Garcia explains some consequences of poor memory management such as dangling pointers or memory leaks.
David García Bestiary of a Poorly Managed Memory (II) Our expert David Garcia shows what happens when the same block of reserved memory is released twice, the so-called double free.
Innovation Marketing Team Empowering women in entrepreneurship: 10 female – led startups in Germany In Germany, only about 15% of startups are initiated by women. Sadly, the figure has been stagnant for years. Additionally, female-led startups receive significantly less Venture Capital than those...
Florence Broderick Quick and dirty script in Powershell to check certificate fingerprints Malware is using signed binaries to attack Windows systems. Malware needs it to get into the roots of the operative system. So attackers steal or create their own certificates....
Florence Broderick How to bypass antiXSS filter in Chrome and Safari (discovered by ElevenPaths) Modern browsers usually have an antiXSS filter, that protects users from some of the consequences of this kind of attacks. Normally, they block cross site scripting execution, so the...
Florence Broderick FOCA Final Version, the ultimate FOCA You all know FOCA. Over the years, it had a great acceptation and became quite popular. Eleven Path has killed the FOCA to turn it into a professional service,...
Florence Broderick HookMe, a tool for intercepting communications with API hooking HookMe is a tool for Windows that allows to intercept system processes when calling APIs needed for network connections. The tool, still in beta, was developed by Manuel Fernández (now...