Shawn Evans

Introduction Within most enterprise environments, authentication is handled by a central system known as the domain controller. The domain controller,…

Penetration testing demands a diverse skill set to effectively navigate and defeat security controls within the evaluated environment. It’s a…

The tool “SMBMap” was created nearly seven years ago. Originally based on a Python library called PySMB, it has since…

NopSec commonly needs to bypass anti-virus / anti-malware software detection during our penetration testing engagements, which leads us to spend…

CVE-2019-0211 – Carpe Diem – Apache Local Privilege Escalation Vulnerability Description This week’s trending vulnerability is CVE-2019-0211, a local privilege…

Spam detection, facial recognition, market segmentation, social network analysis, personalized product recommendations, self-driving cars – applications of machine learning (ML)…

Back in February, we talked about a malicious container ‘break out’ vulnerability in runc (CVE-2019-5736), a universal command-line interface tool…

CVE-2019-1002101 – Kubernetes Directory Traversal Description Back in February, we talked about a malicious container ‘break out’ vulnerability in runc…

CVE-2019-5418 – Ruby on Rails File Content Disclosure Vulnerability Description This week’s trending vulnerability, CVE-2019-5418, is a file content disclosure…

Spam detection, facial recognition, market segmentation, social network analysis, personalized product recommendations, self-driving cars – applications of machine learning (ML)…

Recently on a customer engagement, I discovered an application that exposed its Web Application Description Language (WADL) XML that describes…

CVE-2019-0797 – Windows Zero-Day Vulnerability Description CVE-2019-0797 is one of the three zero-day vulnerabilities (one in Chrome, the other two…

Google Chrome Zero-Day Vulnerability (CVE-2019-5786) & Two New Actively Exploited Windows Zero-Day Vulnerabilities Description On February 27th, security engineers from…

Updates on Drupal (CVE-2019-6340) & A New Improper Input Validation Flaw Leading to RCE in Cisco Routers (CVE-2019-1663) The improper…

CVE-2019-6340 – Improper Input Validation Leading to Remote Code Execution in Drupal This week’s most tweeted-about vulnerability is a, yet…

CVE-2019-5736 – Malicious Container “Break Out” Vulnerability in Runc Last week, we extensively covered a security flaw in runc –…

CVE-2019-5736 – malicious container “break out” vulnerability in runc If you follow cybersecurity news at all, you have likely already…

CVE-2019-1653 (Cisco Routers information disclosure), CVE-2018-16858 (LibreOffice directory traversal bug) It has been a relatively slow week as we have…

This week’s most talked about vulnerability is CVE-2019-1653. It is an information disclosure vulnerability affecting web-based management interface of Cisco…

CVE-2018-15982 is a use after free zero-day vulnerability in Adobe Flash Player (versions up to 31.0.0.153) which can result in…

The Great News It has been recently reported that NIST, the agency hosting the National Vulnerability Database (NVD), plans to replace its…

I’d like to diverge from our typical blog topics today to discuss the Offensive Security Certified Professional (OSCP) certification, and…

Many of our clients at NopSec have mature web application security programs with their own internal white hat penetration testing…

As a penetration tester who uses Python in virtually all engagement, here are the top 5 python libraries that I recommend…