Shawn Evans

April was a busy month for Microsoft. Patch Tuesday introduced critical Windows fixes to address a pair of remote command…

In March 2023, security researchers identified a number of critical vulnerabilities that could be exploited by attackers to gain access…

In this month’s trending CVEs we have a number of patches released by Microsoft to address critical vulnerabilities identified in…

Happy New Year! In this month’s trending CVEs ManageEngine takes the top spot with yet another unauthenticated remote command execution…

Happy holiday season! December was off the chains, literally. Microsoft released a security update to address a remote command execution…

Happy Thanksgiving! November was a surprisingly slow month. It’ll be perfect for some light reading over a thanksgiving break. In…

Happy Halloween! The October trending CVEs feature another out of bound write of vulnerability being exploited in the wild that…

In this month’s edition of trending CVEs, we feature a blast from the past that provides an excellent example of…

This month we have five CVEs on the radar. The August 2022 Patch Now Award* this month goes to ManageEngine,…

Introduction Within most enterprise environments, authentication is handled by a central system known as the domain controller. The domain controller,…

Penetration testing demands a diverse skill set to effectively navigate and defeat security controls within the evaluated environment. It’s a…

The tool “SMBMap” was created nearly seven years ago. Originally based on a Python library called PySMB, it has since…

NopSec commonly needs to bypass anti-virus / anti-malware software detection during our penetration testing engagements, which leads us to spend…

CVE-2019-0211 – Carpe Diem – Apache Local Privilege Escalation Vulnerability Description This week’s trending vulnerability is CVE-2019-0211, a local privilege…

Spam detection, facial recognition, market segmentation, social network analysis, personalized product recommendations, self-driving cars – applications of machine learning (ML)…

Back in February, we talked about a malicious container ‘break out’ vulnerability in runc (CVE-2019-5736), a universal command-line interface tool…

CVE-2019-1002101 – Kubernetes Directory Traversal Description Back in February, we talked about a malicious container ‘break out’ vulnerability in runc…

CVE-2019-5418 – Ruby on Rails File Content Disclosure Vulnerability Description This week’s trending vulnerability, CVE-2019-5418, is a file content disclosure…

Spam detection, facial recognition, market segmentation, social network analysis, personalized product recommendations, self-driving cars – applications of machine learning (ML)…

Recently on a customer engagement, I discovered an application that exposed its Web Application Description Language (WADL) XML that describes…

CVE-2019-0797 – Windows Zero-Day Vulnerability Description CVE-2019-0797 is one of the three zero-day vulnerabilities (one in Chrome, the other two…

Google Chrome Zero-Day Vulnerability (CVE-2019-5786) & Two New Actively Exploited Windows Zero-Day Vulnerabilities Description On February 27th, security engineers from…

Updates on Drupal (CVE-2019-6340) & A New Improper Input Validation Flaw Leading to RCE in Cisco Routers (CVE-2019-1663) The improper…

CVE-2019-6340 – Improper Input Validation Leading to Remote Code Execution in Drupal This week’s most tweeted-about vulnerability is a, yet…

CVE-2019-5736 – Malicious Container “Break Out” Vulnerability in Runc Last week, we extensively covered a security flaw in runc –…

CVE-2019-5736 – malicious container “break out” vulnerability in runc If you follow cybersecurity news at all, you have likely already…

CVE-2019-1653 (Cisco Routers information disclosure), CVE-2018-16858 (LibreOffice directory traversal bug) It has been a relatively slow week as we have…

This week’s most talked about vulnerability is CVE-2019-1653. It is an information disclosure vulnerability affecting web-based management interface of Cisco…

CVE-2018-15982 is a use after free zero-day vulnerability in Adobe Flash Player (versions up to 31.0.0.153) which can result in…

The Great News It has been recently reported that NIST, the agency hosting the National Vulnerability Database (NVD), plans to replace its…

I’d like to diverge from our typical blog topics today to discuss the Offensive Security Certified Professional (OSCP) certification, and…

Many of our clients at NopSec have mature web application security programs with their own internal white hat penetration testing…

As a penetration tester who uses Python in virtually all engagement, here are the top 5 python libraries that I recommend…