/var/log/messages

Like all good researchers, we publish our findings for everyone’s benefit. The articles here evidence our commitment to technical excellence and the breadth of the disciplines we cover.

Application-level Purple Teaming: A case study

By William Jardine on 15 September 2020

Attack-aware applications have been discussed in AppSec for over a decade - the concept that an application can detect that it is being attacked and fight back.

Read more

Securing AEM With Dispatcher

By Robert Russell on 7 September 2020

Adobe Experience Manager (AEM) is a popular Content Management System (CMS) that is used by a large and active user base to develop and deploy web applications.

Read more

Blog

N1QL Injection: Kind of SQL Injection in a NoSQL Database

By Krzysztof Pranczk on 2 September 2020

Nowadays, databases support various query languages, the most popular being SQL and NoSQL. These query languages are designed to provide clients with an efficient communication interface with the databases.

Read more

Exploiting CVE-2019-17026 - A Firefox JIT Bug

By Max Van Amerongen on 27 August 2020

Browser exploitation is an incredibly unique area of security research. With browsers constantly evolving to support new media and protocols, their attack surface is constantly evolving. Even JavaScript engines themselves are continuing to be improved upon.

Read more

Attack Detection Fundamentals: C2 and Exfiltration - Lab #3

By Alfie Champion on 15 July 2020

In the fourth and final part of F-Secure Consulting's Attack Detection Fundamentals Workshop series, covering Command and Control (C2) and Exfiltration, we explored a number of attacker techniques for maintaining communication with an implant, blending in...

Read more

Attack Detection Fundamentals: C2 and Exfiltration - Lab #2

By Alfie Champion and Jordan LaRose on 15 July 2020

In the fourth and final part of F-Secure Consulting's Attack Detection Fundamentals Workshop series, covering Command and Control (C2) and Exfiltration, we explored a number of attacker techniques for maintaining communication with an implant, blending in...

Read more

Attack Detection Fundamentals: C2 and Exfiltration - Lab #1

By Alfie Champion and Derek Stoeckenius on 15 July 2020

In the fourth and final part of F-Secure Consulting's Attack Detection Fundamentals Workshop series, covering Command and Control (C2) and Exfiltration, we explored a number of attacker techniques for maintaining communication with an implant, blending in...

Read more

Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #5

By Alfie Champion on 8 July 2020

In the third part of F-Secure Consulting's Attack Detection Workshop series, covering Discovery and Lateral Movement, we explored a number of offensive techniques for discovering assets of value, be that users or file shares, and methods...

Read more

Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #4

By Alfie Champion on 8 July 2020

In the third part of F-Secure Consulting's Attack Detection Workshop series, covering Discovery and Lateral Movement, we explored a number of offensive techniques for discovering assets of value, be that users or file shares, and methods...

Read more

Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #3

By Alfie Champion on 8 July 2020

In the third part of F-Secure Consulting's Attack Detection Workshop series, covering Discovery and Lateral Movement, we explored a number of offensive techniques for discovering assets of value, be that users or file shares, and methods...

Read more

Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #2

By Alfie Champion on 8 July 2020

In the third part of F-Secure Consulting's Attack Detection Workshop series, covering Discovery and Lateral Movement, we explored a number of offensive techniques for discovering assets of value, be that users or file shares, and methods...

Read more

Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #1

By Alfie Champion on 8 July 2020

In the third part of F-Secure Consulting's Attack Detection Workshop series, covering Discovery and Lateral Movement, we explored a number of offensive techniques for discovering assets of value, be that users or file shares, and methods...

Read more