Inferring Internet security posture by country through port scanning

In this podcast, Tod Beardsley, Director of Research at Rapid7, talks about the recently released National Exposure Index, which aims to better understand the nature of Internet exposure – services that either do not offer modern cryptographic pr…

Automating web app testing to secure your environment

In this podcast recorded at RSA Conference 2018, Dave Ferguson, Director, Product Management for Web Application Security at Qualys, talks about the challenges and benefits of automating web app testing, Qualys Browser Recorder, as well as Qualys Web A…

Nmap 7.60 released: SSH support, SMB2/SMB3 improvements, 14 more scripts

Nmap is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. What’s important: Nmap scripts can now perform brute force SSH password cracking, query servers about what auth methods and public keys they accept, and even log in using known or discovered credentials to execute arbitrary commands. …

Google Play Protect scans for malicious apps

By now, many Android users that have the Google Play Store app on their devices should be able to find Google Play Protect in it. What is Google Play Protect? Google Play Protect is a security suite for Android devices, which brings together some old and some new features aimed at protecting users’ devices against harmful or malicious apps. The security suite: Scans and verifies apps users want to download from Google Play (before they …

EternalBlue vulnerability scanner statistics reveal exposed hosts worldwide

After the recent massive WannaCry ransomware campaign, Elad Erez, Director of Innovation at Imperva, was shocked at the number of systems that still sported the Microsoft Windows SMB Server vulnerabilities that made the attack possible. So, he decided to do something about it: he created Eternal Blues, an easy-to-use vulnerability scanner that he made available for download for free. The tool does one single thing: it scans computers for the aforementioned vulnerabilities, and lets users …

Telegram-based Katyusha SQL injection scanner sold on hacker forums

Despite regularly achieving one of the top spots on the OWASP Top 10 list of the most critical web application security risks, injection vulnerabilities continue to plague database-driven web sites and are regularly exploited by attackers. And when we talk about injection attacks, SQL injections are the most prominent, mostly because SQL databases are ubiquitous, and attackers often succeed in dumping the contents of the entire database. “The severity of SQL Injection attacks is …

Digitize Your Room With LIDAR

What’s the best way to image a room? A picture? Hah — don’t be so old-fashioned! You want a LIDAR rig to scan the space and reconstruct it as a 3D point map in your computer.

Hot on the heels of [Saulius Lukse]’s scanning thermometer, he’s replaced the thermal camera on their pan/tilt setup with a time-of-flight (TOF) camera — a Garmin LIDAR — capable of 500 samples per second, and ends up scanning their room in a mere fifteen minutes. Position data is combined with the ranging information to produce a point cloud using Python. Open that file in …

Simple Scanner Finds the Best WiFi Signal

Want to know which way to point your WiFi antenna to get the best signal? It’s a guessing game for most of us, but a quick build of a scanning WiFi antenna using mostly off-the-shelf components could point you in the right direction.

With saturation WiFi coverage in most places these days, optimizing your signal might seem like a pointless exercise. And indeed it seems [shawnhymel] built this more for fun than for practical reasons. Still, we can see applications where a scanning Yagi-Uda antenna would come in handy. The build started with a “WiFi divining rod” [shawnhymel] created from …

Intel’s CHIPSEC can detect CIA’s OS X rootkit

As details about the CIA’s hacking capabilities and tools are, bit by bit, popping to the surface, companies are trying to offer users some peace of mind. In the wake of WikiLeaks’ release of the CIA document dump, Apple has stated that many of the revealed iOS exploits have already been patched, and the company is constantly working to address any new vulnerabilities. “Our products and software are designed to quickly get security updates into the …

Qualys and Bugcrowd bring automation, crowdsourcing to web app security

At RSA Conference 2017, Qualys and Bugcrowd announced joint development integrations allowing joint customers the ability to share vulnerability data across automated web application scanning and crowdsourced bug bounty programs. Many organizations’ security strategies have changed to a proactive approach, which includes both automation and human expertise to discover vulnerabilities. To reduce the escalating cost and effort of implementing multiple tools or programs, this joint integration between Bugcrowd Crowdcontrol and Qualys Cloud Platform brings together …