Blog

How to order a pen test

blog | | Citadelo
Although people working in the IT security industry may consider this question to be as trivial as "How to order a phone charger", for many, writing a purchase order for a penetration test can be like designing a nuclear power plant.

WebsiteBaker CMS 2.10.0 – Multiple SQL Injection Vulnerabilities

The vulnerability exists due to insufficient filtering of user-supplied data. By exploiting this vulnerability, an attacker gains access to all records stored in the database with the privileges of the WebsiteBaker database user.

Unofficial Patch Tuesday – MSMQ Privilege Escalation Vulnerability Hotfix

This security patch resolves a public vulnerability in the Windows Message Queuing Service (MSMQ) discovered by KoreLogic.

Security Landscape and our Masterplan

Our mission as a company is to make the Internet a safer place. We have a masterplan on how to achieve this goal, which I would like to share with you right now.

Considerations before using keybase.io

Keybase.io is a service that, according to their website, “maps your identity to your public keys, and vice versa.” It also does other optional things, such as an encrypted filesystem and synchronized key management.

How We Bypassed NOD32 and Hacked a Paranoid Customer

During penetration testing for a big customer, we hacked a number of Microsoft Windows servers. At one point, part of our attack was thwarted by ESET’s NOD32 system.