Security Blog

Binary Webshell Through OPcache in PHP 7

In this article, we will be looking at a new exploitation technique using the default OPcache engine from PHP 7. Using this attack vector, we can bypass certain hardening techniques that disallow file write access to the web directory. This could be used by an attacker to execute their own malicious code in a hardened environment.

Your credentials at risk with Lansweeper 5

As penetration testers, we rarely have to find ‘zero day’ vulnerabilities or perform ‘bug hunting’ in order to compromise Windows Active Directory Domains. However, in one of these rare cases while performing an internal penetration test for a client, we had to do so. Lansweeper is inventory software that scans your network in order to gather system information such as patch level, network interfaces, resource status, etc. We were fairly surprised during this test when we were able to access Lansweeper 5’s dashboard with a regular user account.

On the road to AtlSecCon

AtlSecCon is almost here! Philippe and I are pretty excited to be speaking there this year! Our presentations will cover some of the analysis we performed: Linux/Moose, LizardSquad, Win32/RBrute, and more. Finally, some advice will be given to the audience in order to help protect themselves, their organizations and their families.

XSS for ASP.net developers

As a follow-up to the conference given at Confoo a few weeks ago, we are doing a focus article on the same topic. The presentation gave an overview of modern XSS attack vectors and filter bypasses. In this blog post, we will take a closer look at XSS in the context of .NET applications.

GoSecure proud to support AtlSecCon and NorthSec 2016

At GoSecure, we believe that improving the security posture of Canadian companies has to happen through better security awareness and education of IT professionals. This is why, in addition to running our own conference, GoSec, in Montreal, we are major sponsors of top community conferences like AtlSecCon (Halifax, NS) and NorthSec (Montreal, QC).
