Citadelo

Azure Functions Privilege Escalation

blog | | Citadelo
Azure Functions Privilege Escalation Vulnerability - A Wake-Up Call for Security Professionals

Citadelo vulnerability stats 2022

Our hackers analyzed 388 client projects. Here's what they found.

Top 10 Pentesting Tools

Welcome to the world of pentesting, where hacking is an art and these tools are our paint brushes.

The Truth Behind TikTok

Initially laughed off as a fleeting fad, the app proceeded to blast past 1 billion users faster than any other social media platform, with two-thirds of American teens reporting they use the app daily.

2 ways repair shops can hack your mobile phone

While many independently owned repair shops might be completely legitimate operations, more and more are popping up that can and will hack your mobile phone while repairing it. And the problem is, it’s REALLY easy to do.

Our ethical principles and how we guard our values


Log4Shell (CVE-2021-44228) in a little more detail


Red Teaming


Security Practices in Web Application Development - OWASP TOP 10

Is there 100% error free software? Is there 100% secure software? The answer to both questions is NO, but don't panic.

Intigriti XSS challenge write-up

Intigriti published a DOM XSS Challenge available at Intigriti’s bug bounty platform. The assignment was to exploit a DOM XSS vulnerability on this page and to trigger a pop up of the document.domain (challenge.intigriti.io).

How to audit Smart Contracts

Good question, actually. Since blockchain and the use of Smart Contracts are quite new concepts, there is no widely recognized standard for testing Smart Contracts. This article will provide an insight into the approach we use here at Citadelo when auditing Smart Contracts.

Cloudflare: how to do it right and not reveal your real IP

The goal of this blog post is to show what needs to be done to have a secure working setup that does not reveal your origin IP address, and to explain why each countermeasure is really necessary by demonstrating the attacks it mitigates.

Malware trends in 2018 – Ransomware left behind by mining viruses

This blog is about CoinHive. I will describe how it affects websites, how websites get infected, and how to prevent it or get rid of it.

Report from 30C3: Forget privacy online!

Chaos Communication Congress is the oldest hacker conference in the world and the largest of its kind in Europe. It brings together current research in the field of security, networking and increasingly also politics and other topics related to “hacking”.

MS13-105: Oracle Outside In MDB Parsing Vulnerability – CVE-2013-5791

People sometimes ask how to know what exact vulnerability was patched in a particular piece of closed source software. In this blog, we would like to describe one such example from the Microsoft security bulletin.

How to encrypt emails on Gmail using Mailvelope in Chrome

Learn how to encrypt your e-mail! We will go through the simple installation of the free Mailvelope extension for the Google Chrome web browser, and you will be able to send and receive encrypted messages with other users in no time.

How to enable disk encryption in OS X

In recent versions of OS X, there is no need to install additional software because the disk encryption feature is already embedded in the operating system. Activating and using it is simple and straightforward.

How an attacker could get your database using an SQL Injection vulnerability (real demo of a hacker attack)

We will demonstrate a real hacker attack that leads to gaining all the data in the database, including credit card information stored in the web store.

Be kind to your local security researcher

As big fans of open source, we feel the urge to support the community and contribute to the projects we like. And because our code is ugly as hell, we try to do it at least by reporting bugs and security vulnerabilities.

Apple calls home – more privacy on OS X

After installing the firewall application called Little Snitch, I watched which applications on my Mac OS X are connecting to the Internet. Two notable services appeared – locationd and assistantd.

How to order a pen test

Although people working in the IT security industry may consider this question to be as trivial as "How to order a phone charger", for many, writing a purchase order for a penetration test can be like designing a nuclear power plant.

WebsiteBaker CMS 2.10.0 – Multiple SQL Injection Vulnerabilities

The vulnerability exists due to insufficient filtering of user-supplied data. By exploiting this vulnerability, an attacker gains access to all records stored in the database with the privileges of the WebsiteBaker database user.

Unofficial Patch Tuesday – MSMQ Privilege Escalation Vulnerability Hotfix

This security patch resolves a public vulnerability in the Windows Message Queuing Service (MSMQ) discovered by KoreLogic.

Security Landscape and our Masterplan

Our mission as a company is to make the Internet a safer place. We have a masterplan on how to achieve this goal, which I would like to share with you right now.

Considerations before using keybase.io

Keybase.io is a service that, according to their website, “maps your identity to your public keys, and vice versa.” It also offers other optional features such as an encrypted filesystem and synchronized key management.

How We Bypassed NOD32 and Hacked a Paranoid Customer

During penetration testing for a big customer, we hacked a number of Microsoft Windows servers. At one point, part of our attack was thwarted by ESET’s NOD32 system.

Essentials for ICS/SCADA defence

In Summer 2016, as we cranked up our efforts to get deep into the Industry Security landscape, we had the pleasure to host Christine Kinch as our intern and researcher.

32C3: Gated Communities – report from hacker conference

The thirty-second annual Chaos Communication Congress carried the tagline “Gated Communities”. CCC is probably the oldest hacker conference and “Gated communities” worked very well as a theme for this year.

We found a vulnerability in CMS Made Simple

CMS Made Simple is a free, open source CMS that provides developers, programmers and site owners with a web-based development and administration area. In 2010 it won the Packt Publishing annual award for open source content management.

MODX Revolution CMS 2.5.6

MODX Revolution is a great CMS that is open source, UX friendly and easy to use. However, in version 2.5.6 and lower we have identified multiple vulnerabilities.

ExtendedMacro – BurpSuite plugin

BurpSuite Proxy is one of the most used HTTP proxy applications for web penetration testers. This tool is one of the best in its category, but sometimes we encounter a situation requiring additional functionality that Burp itself does not provide.

The Critical State of Industrial Control Systems Security

“Finally we are beginning to address the problem that we have had for years.” This laconic sentence sums up the conclusions of the first conference focused on the security of industrial control systems (ICS).

How an attacker could hack your website using a Cross Site Scripting (XSS) vulnerability

Our customers and friends often ask us what a real hacker attack looks like. We want to show this on a very simple, but very common vulnerability called Cross Site Scripting or XSS.

How to improve your privacy, security and comfort with three simple Google Chrome extensions (video howto)

In this post I would like to show you how to install three very useful Google Chrome extensions that will increase your privacy and comfort online. You can either watch this short video that will explain everything or follow this post with screenshots.