Citadelo

Citadelo

Unofficial Patch Tuesday – MSMQ Privilege Escalation Vulnerability Hotfix

Blog | | Citadelo
This security patch resolves a public vulnerability in the Windows Message Queuing Service (MSMQ) discovered by KoreLogic
Show

We found vulnerability of CMS Made Simple

Blog | | Citadelo
CMS Made Simple is a free, open source CMS to provide developers, programmers and site owners a web-based development and administration area. In 2010 it won the Packt Publishing annual award for open source content management.
Show

ExtendedMacro – BurpSuite plugin

Blog | | Citadelo
BurpSuite Proxy is one of the most used HTTP proxy application for web penetration testers. This tool is one of the best in its category, but sometimes we encounter a situation requiring additional functionality which is not provided by Burp itself.
Show

MODX Revolution CMS 2.5.6

Blog | | Citadelo
Modx Revolution is great CMS, that is Open Source, UX friendly and easy to use. However, in a version 2.5.6 and lower we have identified multiple vulnerabilities.
Show

WebsiteBaker CMS 2.10.0 – Multiple SQL Injection Vulnerabilities

Blog | | Citadelo
The vulnerability exists due to insufficient filtration of user-supplied data. By exploiting this vulnerability, an attacker gains access to all records stored in the database with the privileges of the WebsiteBaker database user
Show

Security Landscape and our Masterplan

Blog | | Citadelo
Our mission as a company is to make the Internet a safer place. We have a masterplan on how to achieve this goal, which I would like to share with you right now.
Show

Essentials for ICS/SCADA defence

Blog | | Citadelo
In Summer 2016, as we cranked up our efforts to get deep into the Industry Security landscape, we had the pleasure to host Christine Kinch as our intern and researcher.
Show

Considerations before using keybase.io

Blog | | Citadelo
Keybase.io is a service that according to their website “maps your identity to your public keys, and vice versa.”. It is also doing other optional things such as an encrypted filesystem and synchronized key management.
Show

How We Bypassed NOD32 and Hacked a Paranoid Customer

Blog | | Citadelo
During penetration testing for a big customer, we hacked a number of Microsoft Windows servers. At one point, part of our attack was thwarted by ESET’s NOD32 system.
Show

32C3: Gated Communities – report from hacker conference

Blog | | Citadelo
The thirty-second annual Chaos Communication Congress carried the tagline “Gated Communities”. CCC is probably the oldest hacker conference and “Gated communities” worked very well as a theme for this year.
Show

How an attacker could hack your website using Cross Site Scripting Vulnerability (XSS)

Blog | | Citadelo
Our customers and friends often ask us how a real hacker attack looks like. We want to show this on a very simple, but very common vulnerability called Cross Site Scripting or XSS.
Show

Report from 30C3: Forget privacy online!

Blog | | Citadelo
Chaos Communication Congress is the oldest hacker conference in the world and the largest of its kind in Europe. It brings current research in the field of security, networking and increasingly also politics and other topics related to “hacking".
Show