Our Blog

ActiveX Repurposing.. (aka: Other bugs your static analyzer will never find..) (aka 0day^H^H 485day bug!)

Reading time: ~5 min
Earlier this week we had an internal presentation on Attacking ActiveX Controls. The main reason we had it is because...

DNS Tunnels (RE-REDUX)

Reading time: ~3 min
On a recent assessment we came across the following scenario: 1) We have command execution through a web command interpreter...

In Defense of Testing Pens… (aka how to keep your soul while being a pen-tester)

Reading time: ~7 min
A short while back, a discussion broke out on a mailing list about the nature of being a pen-tester. The...