Overview Paragon Partition Manager’s BioNTdrv.sys driver, versions prior to 2.0.0, contains five vulnerabilities. These include arbitrary kernel memory mapping and write vulnerabilities, a null pointer dereference,...
Read MoreThis post evaluates the pros and cons of the Exploit Prediction Scoring System (EPSS), a data-driven model designed to estimate the probability that software vulnerabilities will be exploited in practice.
Read MoreIn May 2020, NIST published Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST IR 8259), which describes recommended cybersecurity activities that manufacturers should consider performing before their IoT...
Read MoreMicrosoft Entra ID (Formerly Azure AD) Conditional Access (CA) policies are the key components to a Zero Trust strategy, as it provides the ability to function as the front door for users and devices. CA policies use attributes,...
Read MoreOverview Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The...
Read MoreCourse Description The Mass Metrology Seminar is a two-week, “hands-on” seminar. It incorporates approximately 30 percent lectures and 70 percent demonstrations and laboratory work in which the participant performs...
Read More
Executive Summary The Cybersecurity and Infrastructure Security Agency (CISA) conducted a red team...
Read MoreThis blog post focuses on how the vulnerabilities in firmware popularized by the Uniform Extensible Firmware Interface create a lucrative target for high-profile attackers.
Read MoreThis post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK governmentโs Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data...
Read MoreA few days ago, I wrote a diary[1] about a link file that abused the ssh.exe tool present in modern versions of Microsoft Windows. At the end, I mentioned that I will hunt for more SSH-related files/scripts. Guess what? I...
Read More
Occasionaly I decompile Python code, with decompilers written in Python. Recently I discovered...
Read More
By default, DShield Honeypots [1] collect firewall, web and cowrie (telnet/ssh) [2] data and log...
Read More