SK CZ EN

Citadelo

Citadelo

Citadelo vulnerability stats 2021

blog | | Citadelo
Our hackers analyzed 275 client projects. Here's what they found.
Anzeigen

Citadelo einer der wachstumsstärksten Cybersecurity-Firmen Europas

blog | | Citadelo
Citadelo einer der wachstumsstärksten Cybersecurity-Firmen Europas
Anzeigen

Our ethical principles and how we guard our values

blog | | Citadelo
Our ethical principles and how we guard our values
Anzeigen

Citadelo arbeitet mit Binary Confidence zusammen

blog | | Citadelo
Anzeigen

Citadelo expands across Europe

blog | | Citadelo
Anzeigen

Full infrastructure takeover of VMware Cloud Director (CVE-2020-3956)

blog | | Citadelo
Anzeigen

Security Practices in Web Application Development - OWASP TOP 10

blog | | Citadelo
Is there 100% error free software? Is there 100% secure software? The answer to both questions is NO, but don't panic.
Anzeigen

Intigriti XSS challenge write-up

blog | | Citadelo
Intigriti published a DOM XSS Challenge available at Intigriti’s bug bounty platform. The assignment was to exploit a DOM XSS vulnerability on this page and to trigger a pop up of the document.domain (challenge.intigriti.io).
Anzeigen

How to audit Smart Contracts

blog | | Citadelo
Good question, actually. Since blockchain and the use of Smart Contracts is quite a new concept, there is no widely recognized standard for testing Smart Contracts. This article will provide an insight into the approach we use here, at Citadelo, when auditing Smart Contracts.
Anzeigen

Cloudflare, how to do it right and don't reveal your real IP

blog | | Citadelo
The goal of this blogpost is to show what needs to be done to have a secure working setup, explain why all of the countermeasures are really necessary by demonstrating the attacks that they are mitigating, to not reveal your origin IP address.
Anzeigen

Malware trends in 2018- Ransomware left behind by mining viruses

blog | | Citadelo
This blog is about CoinHive. I will describe how it affects websites, how websites get infected and how to prevent it or how to get rid of it.
Anzeigen

Report from 30C3: Forget privacy online!

blog | | Citadelo
Chaos Communication Congress is the oldest hacker conference in the world and the largest of its kind in Europe. It brings current research in the field of security, networking and increasingly also politics and other topics related to “hacking".
Anzeigen

MS13-105: Oracle Outside In MDB Parsing Vulnerability – CVE-2013-5791

blog | | Citadelo
People sometimes ask how to know what exact vulnerability was patched in particular piece of closed source software. In this blog, we would like to describe one such example from the Microsoft security bulletin.
Anzeigen

How to encrypt emails on Gmail using Mailvelope in Chrome

blog | | Citadelo
Learn how to encrypt your e-mail! We will go through simple installation of free Mailvelope extension to Google Chrome web browser and you will be able to send and receive encrypted messages with other users in no time.
Anzeigen

How to enable disk encryption in OS X

blog | | Citadelo
In recent versions of OS X, there is no need to install additional software because disk encryption feature is already embedded in the operating system. Activation and using are simple and straightforward.
Anzeigen

How an attacker could get your database using SQL Injection vulnerability (real demo of a hacker attack)

blog | | Citadelo
We will demonstrate a real hacker attack that leads to gaining all the data in the database, including credit card information stored in the web store.
Anzeigen

Be kind to your local security researcher

blog | | Citadelo
As big fans of open source, we feel the urge to support the community and contribute to the projects we like. And because our code is ugly as hell, we try to do it at least by reporting bugs and security vulnerabilities.
Anzeigen

Apple calls home – more privacy on OS X

blog | | Citadelo
After installing the firewall application called Little Snitch, I watched which applications on my Mac OS X are connecting to the Internet. Two notable services appeared – locationd and assistantd.
Anzeigen

How to order a pen test

blog | | Citadelo
Although people working in the IT security industry may consider this question to be as trivial as "How to order a phone charger", for many, writing a purchase order for a penetration test can be like designing a nuclear power plant.
Anzeigen

WebsiteBaker CMS 2.10.0 – Multiple SQL Injection Vulnerabilities

blog | | Citadelo
The vulnerability exists due to insufficient filtration of user-supplied data. By exploiting this vulnerability, an attacker gains access to all records stored in the database with the privileges of the WebsiteBaker database user
Anzeigen

Unofficial Patch Tuesday – MSMQ Privilege Escalation Vulnerability Hotfix

blog | | Citadelo
This security patch resolves a public vulnerability in the Windows Message Queuing Service (MSMQ) discovered by KoreLogic
Anzeigen

Security Landscape and our Masterplan

blog | | Citadelo
Our mission as a company is to make the Internet a safer place. We have a masterplan on how to achieve this goal, which I would like to share with you right now.
Anzeigen

Considerations before using keybase.io

blog | | Citadelo
Keybase.io is a service that according to their website “maps your identity to your public keys, and vice versa.”. It is also doing other optional things such as an encrypted filesystem and synchronized key management.
Anzeigen

How We Bypassed NOD32 and Hacked a Paranoid Customer

blog | | Citadelo
During penetration testing for a big customer, we hacked a number of Microsoft Windows servers. At one point, part of our attack was thwarted by ESET’s NOD32 system.
Anzeigen

Essentials for ICS/SCADA defence

blog | | Citadelo
In Summer 2016, as we cranked up our efforts to get deep into the Industry Security landscape, we had the pleasure to host Christine Kinch as our intern and researcher.
Anzeigen

32C3: Gated Communities – report from hacker conference

blog | | Citadelo
The thirty-second annual Chaos Communication Congress carried the tagline “Gated Communities”. CCC is probably the oldest hacker conference and “Gated communities” worked very well as a theme for this year.
Anzeigen

We found vulnerability of CMS Made Simple

blog | | Citadelo
CMS Made Simple is a free, open source CMS to provide developers, programmers and site owners a web-based development and administration area. In 2010 it won the Packt Publishing annual award for open source content management.
Anzeigen

MODX Revolution CMS 2.5.6

blog | | Citadelo
Modx Revolution is great CMS, that is Open Source, UX friendly and easy to use. However, in a version 2.5.6 and lower we have identified multiple vulnerabilities.
Anzeigen

ExtendedMacro – BurpSuite plugin

blog | | Citadelo
BurpSuite Proxy is one of the most used HTTP proxy application for web penetration testers. This tool is one of the best in its category, but sometimes we encounter a situation requiring additional functionality which is not provided by Burp itself.
Anzeigen

The Critical State of Industrial Control Systems Security

blog | | Citadelo
\"Finally we are beginning to address the problem that we have already had in years.” This laconic sentence can sum up the conclusions of the first conference focused on security of industrial control systems (ICS).
Anzeigen

How an attacker could hack your website using Cross Site Scripting Vulnerability (XSS)

blog | | Citadelo
Our customers and friends often ask us how a real hacker attack looks like. We want to show this on a very simple, but very common vulnerability called Cross Site Scripting or XSS.
Anzeigen

How to improve your privacy, security and comfort with three simple Google Chrome extensions (video howto)

blog | | Citadelo
In this post I would like to show you how to install three very useful Google Chrome extensions that will increase your privacy and comfort online. You can either watch this short video that will explain everything or follow this post with screenshots.
Anzeigen