Kaspersky Labs has announced the discovery a very sophisticated malware campaign dubbed The Mask (aka Careto) that has been in operation since 2007. The operator of the malware is still unknown, but a nation-state sponsor is suspected. The Command and Control (C2) network was shutdown shortly after Kaspersky made its announcement,...
read more
Cross Site Scripting (XSS): Brief History Cross Site Scripting (XSS) is a common issue that plagues many web applications, check out xssed for a frame of reference. The most widely scene form is called reflective cross site scripting (XSS). This is when user supplied data is submitted to a application and the data is reflected back...
read more
This past weekend I attended ShmooCon 2014, which is an annual east coast hacking conference where like minded, and sometimes unlike minded people gather to exchange ideas and have a generally good time. The conference provides a forum for various speakers to present their research. Among the varying and interesting talks presented...
read more
“Trust But Verify” is a phrase that gets thrown around a lot especially in the auditing world. The phrase is useful in the civilized world, where people are generally honest. The phrase is NOT useful when it comes to trusting binaries on the internet, which should be considered the wild wild west at all times. A little...
read more
