As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to Python ai

From small- and medium-sized organizations to large enterprises, every business is under continuous threat of security risk in today’s digital world.With the growing digital footprint and cloud adoption, organizations continue to experience sophisticated cyberthreats that hold the potential to disrupt business continuity.A vast majority of these threats can

by Sina Pilehchiha, Concordia University Trail of Bits has manually curated a wealth of data—years of security assessment reports—and now we’re exploring how to use this data to make the smart contract auditing process more efficient with Slither-simil. Based on accumulated knowledge embedded in previous audits, we set out to detect similar vulnerable code s

By Suha S. Hussain, Georgia Tech If you work on deep learning systems, check out our new tool, PrivacyRaven—it’s a Python library that equips engineers and researchers with a comprehensive testing suite for simulating privacy attacks on deep learning systems. PrivacyRaven is a comprehensive testing suite for simulating privacy attacks on deep learning system

The coronavirus crisis has changed almost every aspect of our daily lives, and the way we work has experienced one of the most radical changes. While the whole world is working to stop the spread of the coronavirus, the great challenge faced by companies has been to move their employees to a remote work model at unprecedented speeds, while also ensuring that

Hey everybody, This is yet another author's writeup for BSidesSF CTF challenges! This one will focus on three crypto challenges I wrote: mainframe, mixer, and decrypto! mainframe - bad password reset .block1 { color: red; background-color: #3b3d37; border: 2px solid #17242b; margin: 2px; } .block2 { color: orange; background-color:

Being a malware researcher means you are always busy with the struggle against mountains of malware and cyberattacks around the world. Over the past decade, the number of daily new malware findings raised up to unimaginable heights: with hundreds of thousands of malware samples per day! However, while there are some rare and dangerous malware, not every samp

I spent the past several months porting Converter to the .NET Framework and am finally able to release a public version of it. Many of the original functions are present and I’ve added a few more things to the menu. Several conveniences have also been included that may not be very obvious: + Forms are non-modal so you can have multiple forms open at

A long time ago, I wrote a couple blogs that went into a lot of detail on how to use padding oracle vulnerabilities to decrypt an encrypted string of data. It's pretty important to understand to use a padding oracle vulnerability for decryption before reading this, so I'd suggest going there for a refresher. When I wrote that blog and the Poracle tool origin

Matt Decker from hybrid-cloudblog.com sent me this script he received via email and asked for help deobfuscating this so here we go… Here’s the WSF file he sent me: About half-way down the script, I come across this. Two variables should have caught your eye. Doing a search for the first variable name, I end up at the variable “vistaR

Users of the KNX, a standard for home automation bus systems, may already have come across KNXnet/IP (also known as EIBnet/IP): It is an extension for KNX that defines Ethernet as a communication medium for KNX which allows communication with KNX buses over IP driven networks. Additionally, it enables one to couple multiple bus installations over IP gateways

Maintaining a secure company network can be a daunting task, and that’s putting it lightly. The number of cyber threats out there seem to be multiplying by the day, while the incidents of cyber attacks have become a common headline. Just ask Target or Sony about the damage that can come from infiltration by cyber criminals and hackers. And those headlines ap

Hi all, Most of you that are  pentesters  may have already tested plenty of webservices using SOAP (Simple Object Access Protocol) for communication. Typically, such SOAP messages are transferred over HTTP (Hypertext Transfer Protocol) and are encapsulated in XML (Extensible Markup Language). Microsoft has developed different representations of this protocol

The moment, when your team leader asks you to cheat at Pokémon GO…everyone knows it, right? No? Well, I do

From various reports, it appears that the malicious Javascript files sent via email that pull Locky down is back. Let’s see what these scripts look like: At the bottom of the script, is this function that reverses the string above, joins the characters, then evaluates it: eval(aBN3DmdER7P.split(”).reverse().join(”)); Since we’re deal