Citadelo

Unofficial Patch Tuesday – MSMQ Privilege Escalation Vulnerability Hotfix

This security patch resolves a public vulnerability in the Windows Message Queuing Service (MSMQ) discovered by KoreLogic.

We found vulnerability of CMS Made Simple

CMS Made Simple is a free, open source CMS to provide developers, programmers and site owners a web-based development and administration area. In 2010 it won the Packt Publishing annual award for open source content management.

ExtendedMacro – BurpSuite plugin

BurpSuite Proxy is one of the most used HTTP proxy applications among web penetration testers. This tool is one of the best in its category, but sometimes we encounter a situation requiring additional functionality which is not provided by Burp itself.

WebsiteBaker CMS 2.10.0 – Multiple SQL Injection Vulnerabilities

The vulnerability exists due to insufficient filtration of user-supplied data. By exploiting this vulnerability, an attacker gains access to all records stored in the database with the privileges of the WebsiteBaker database user.

Security Landscape and our Masterplan

Our mission as a company is to make the Internet a safer place. We have a masterplan on how to achieve this goal, which I would like to share with you right now.

Essentials for ICS/SCADA defence

In Summer 2016, as we cranked up our efforts to get deep into the Industry Security landscape, we had the pleasure to host Christine Kinch as our intern and researcher.

Considerations before using keybase.io

Keybase.io is a service that, according to their website, “maps your identity to your public keys, and vice versa.” It also does other optional things such as an encrypted filesystem and synchronized key management.

How We Bypassed NOD32 and Hacked a Paranoid Customer

During penetration testing for a big customer, we hacked a number of Microsoft Windows servers. At one point, part of our attack was thwarted by ESET’s NOD32 system.

32C3: Gated Communities – report from hacker conference

The thirty-second annual Chaos Communication Congress carried the tagline “Gated Communities”. CCC is probably the oldest hacker conference and “Gated communities” worked very well as a theme for this year.

How an attacker could hack your website using Cross Site Scripting Vulnerability (XSS)

Our customers and friends often ask us what a real hacker attack looks like. We want to show this on a very simple, but very common vulnerability called Cross Site Scripting or XSS.

Report from 30C3: Forget privacy online!

Chaos Communication Congress is the oldest hacker conference in the world and the largest of its kind in Europe. It brings current research in the field of security, networking and increasingly also politics and other topics related to “hacking”.