
February 17, 2021
Captcha images don’t provide robust protection as a primary security control. This analysis explores how to prevent automated (bot) attacks.
Blog
February 17, 2021
Captcha images don’t provide robust protection as a primary security control. This analysis explores how to prevent automated (bot) attacks.
Blog
February 03, 2021
ScareCrow is a payload creation framework for generating loaders that side-load (not inject) into a legitimate Windows process (bypassing Application...
Tool
February 03, 2021
Even when the hooks are removed, defenders can still leverage other EDR functions, such as host isolation for incident triage or remote.
Blog
February 02, 2021
This post identifies systemic endpoint detection and response issues and examines how attackers can bypass any EDR product.
Blog
Software supply chain compromise explained: What you need to know and lessons learned.
Event
December 11, 2020
Our team describes how single-factor authentication attack surfaces can be exposed in the AirWatch MDM suite and what steps to take to mitigate risks.
Blog
November 05, 2020
A security vulnerability has been found in the Black Duck Hub REST API Python project (“blackduck” in the PyPI repository). Read more.
Blog
October 13, 2020
Application threat modeling decomposes application architecture into security-relevant components to reveal threats and potential risks.
Blog
September 30, 2020
Hackers can use the username structure and deployed technologies in an online document’s metadata to successfully breach the perimeter.
Blog
September 17, 2020
Information security strategies often overlook the threats posed by weaknesses in its physical security posture.
Blog
September 11, 2020
Moving functionality from Java to native implementations in Android increases obscurity but not security.
Tool
September 11, 2020
Moving functionality from Java to native implementations in Android increases obscurity but not security.
Blog