News
1 June 2020
Full infrastructure takeover of VMware Cloud Director (CVE-2020-3956)
How a single simple form submission can be manipulated to gain control of any Virtual Machine (VM) within VMware Cloud Director. The story of a critical vulnerability that enables a full infrastructure takeover.
4 June 2019
Security Practices in Web Application Development - OWASP TOP 10
Is there 100% error free software? Is there 100% secure software? The answer to both questions is NO, but don't panic.
24 May 2019
Intigriti XSS challenge write-up
Intigriti published a DOM XSS Challenge available at Intigriti’s bug bounty platform. The assignment was to exploit a DOM XSS vulnerability on this page and to trigger a pop up of the document.domain (challenge.intigriti.io).
17 April 2019
How to Secure Your Blockchain Project with a Smart Contract Audit
There’s no official testing standard for Smart Contracts. But that doesn’t mean you should leave your code untested. Here’s how we approach audits that go beyond checklists.
14 November 2018
Cloudflare, how to do it right and don't reveal your real IP
The goal of this blogpost is to show what needs to be done to have a secure working setup, explain why all of the countermeasures are really necessary by demonstrating the attacks that they are mitigating, to not reveal your origin IP address.
13 July 2018
Malware trends in 2018- Ransomware left behind by mining viruses
This blog is about CoinHive. I will describe how it affects websites, how websites get infected and how to prevent it or how to get rid of it.