-
Top Trending CVEs of September 2023
September was an exciting month for NopSec as we hosted our Customer Advisory Board meetings in New York City. Thanks…
-
Top Trending CVEs of August 2023
Summer is slowly cooking everyone into air conditioned spaces as vacations wind down and school winds up. August featured some…
-
Top Trending CVEs of July 2023
July was a busy month for vulnerability research. We had the opportunity to be picky about our curated selection of…
-
Top Trending CVEs of June 2023
It’s finally summer! That means kids are out of school and vacations are in full swing, that includes Security Researchers….
-
Top Trending CVEs of May 2023
May was a rather quiet month for security research, but an excellent write up filtered to the masses from the…
-
Top Trending CVEs of April 2023
April was a busy month for Microsoft. Patch Tuesday introduced critical Windows fixes to address a pair of remote command…
-
Top Trending CVEs of March 2023
In March 2023, security researchers identified a number of critical vulnerabilities that could be exploited by attackers to gain access…
-
Top Trending CVEs of February 2023
In this month’s trending CVEs we have a number of patches released by Microsoft to address critical vulnerabilities identified in…
-
Top Trending CVEs of January 2023
Happy New Year! In this month’s trending CVEs ManageEngine takes the top spot with yet another unauthenticated remote command execution…
-
Top Trending CVEs of December 2022
Happy holiday season! December was off the chains, literally. Microsoft released a security update to address a remote command execution…
-
Top Trending CVEs of November 2022
Happy Thanksgiving! November was a surprisingly slow month. It’ll be perfect for some light reading over a thanksgiving break. In…
-
Top Trending CVEs of October 2022
Happy Halloween! The October trending CVEs feature another out of bound write of vulnerability being exploited in the wild that…
-
Top Trending CVEs of September 2022
In this month’s edition of trending CVEs, we feature a blast from the past that provides an excellent example of…
-
Top Trending CVEs of August 2022
This month we have five CVEs on the radar. The August 2022 Patch Now Award* this month goes to ManageEngine,…
-
Exploiting Kerberos for Lateral Movement and Privilege Escalation
Introduction Within most enterprise environments, authentication is handled by a central system known as the domain controller. The domain controller,…
-
Responder: Beyond WPAD
Penetration testing demands a diverse skill set to effectively navigate and defeat security controls within the evaluated environment. It’s a…
-
SMBMap: Wield it like the Creator
The tool “SMBMap” was created nearly seven years ago. Originally based on a Python library called PySMB, it has since…
-
Penetration Testing With Shellcode: Hiding Shellcode Inside Neural Networks
NopSec commonly needs to bypass anti-virus / anti-malware software detection during our penetration testing engagements, which leads us to spend…
-
Trending CVEs for the Week of April 8th, 2019
CVE-2019-0211 – Carpe Diem – Apache Local Privilege Escalation Vulnerability Description This week’s trending vulnerability is CVE-2019-0211, a local privilege…
-
Machine Learning in Cybersecurity Course – Part 2: Specific Applications and Challenges
Spam detection, facial recognition, market segmentation, social network analysis, personalized product recommendations, self-driving cars – applications of machine learning (ML)…
-
2019 Q1 Social Media Trends
Back in February, we talked about a malicious container ‘break out’ vulnerability in runc (CVE-2019-5736), a universal command-line interface tool…
-
Trending CVEs for the Week of April 1st, 2019
CVE-2019-1002101 – Kubernetes Directory Traversal Description Back in February, we talked about a malicious container ‘break out’ vulnerability in runc…
-
Trending CVEs for the Week of March 25th, 2019
CVE-2019-5418 – Ruby on Rails File Content Disclosure Vulnerability Description This week’s trending vulnerability, CVE-2019-5418, is a file content disclosure…
-
Machine Learning in Cybersecurity Course – Part 1: Core Concepts and Examples
Spam detection, facial recognition, market segmentation, social network analysis, personalized product recommendations, self-driving cars – applications of machine learning (ML)…
-
Leveraging Exposed WADL XML in Burp Suite
Recently on a customer engagement, I discovered an application that exposed its Web Application Description Language (WADL) XML that describes…
-
Trending CVEs for the Week of March 18th, 2019
CVE-2019-0797 – Windows Zero-Day Vulnerability Description CVE-2019-0797 is one of the three zero-day vulnerabilities (one in Chrome, the other two…
-
Trending CVEs for the Week of March 11th, 2019
Google Chrome Zero-Day Vulnerability (CVE-2019-5786) & Two New Actively Exploited Windows Zero-Day Vulnerabilities Description On February 27th, security engineers from…
-
Trending CVEs for the Week of March 4th, 2019
Updates on Drupal (CVE-2019-6340) & A New Improper Input Validation Flaw Leading to RCE in Cisco Routers (CVE-2019-1663) The improper…
-
Trending CVEs for the Week of February 25th, 2019
CVE-2019-6340 – Improper Input Validation Leading to Remote Code Execution in Drupal This week’s most tweeted-about vulnerability is a, yet…
-
Trending CVEs for the Week of February 18th, 2019
CVE-2019-5736 – Malicious Container “Break Out” Vulnerability in Runc Last week, we extensively covered a security flaw in runc –…
-
Trending CVEs for the Week of February 11th, 2019
CVE-2019-5736 – malicious container “break out” vulnerability in runc If you follow cybersecurity news at all, you have likely already…
-
Trending CVEs for the Week of February 4th, 2019
CVE-2019-1653 (Cisco Routers information disclosure), CVE-2018-16858 (LibreOffice directory traversal bug) It has been a relatively slow week as we have…
-
Trending CVEs for the Week of January 28th, 2019
This week’s most talked about vulnerability is CVE-2019-1653. It is an information disclosure vulnerability affecting web-based management interface of Cisco…
-
Trending CVEs for the Week of January 21st, 2019
CVE-2018-15982 is a use after free zero-day vulnerability in Adobe Flash Player (versions up to 31.0.0.153) which can result in…
-
NIST Teams up with IBM Watson AI System to Score Vulnerabilities
The Great News It has been recently reported that NIST, the agency hosting the National Vulnerability Database (NVD), plans to replace its…
-
Musings on the OSCP
I’d like to diverge from our typical blog topics today to discuss the Offensive Security Certified Professional (OSCP) certification, and…
-
Pen Testing Toolkit: White Hat Tools to Improve Web Application Penetration Testing
Many of our clients at NopSec have mature web application security programs with their own internal white hat penetration testing…
-
Python for Pentesters: 5 Python Libraries Every Pentester Should Be Using
As a penetration tester who uses Python in virtually all engagement, here are the top 5 python libraries that I recommend…