Blog

Blog

WebsiteBaker CMS 2.10.0 – Multiple SQL Injection Vulnerabilities

Blog | | Citadelo
The vulnerability exists due to insufficient filtration of user-supplied data. By exploiting this vulnerability, an attacker gains access to all records stored in the database with the privileges of the WebsiteBaker database user
Show

Security Landscape and our Masterplan

Blog | | Citadelo
Our mission as a company is to make the Internet a safer place. We have a masterplan on how to achieve this goal, which I would like to share with you right now.
Show

Essentials for ICS/SCADA defence

Blog | | Citadelo
In Summer 2016, as we cranked up our efforts to get deep into the Industry Security landscape, we had the pleasure to host Christine Kinch as our intern and researcher.
Show

Considerations before using keybase.io

Blog | | Citadelo
Keybase.io is a service that according to their website “maps your identity to your public keys, and vice versa.”. It is also doing other optional things such as an encrypted filesystem and synchronized key management.
Show

How We Bypassed NOD32 and Hacked a Paranoid Customer

Blog | | Citadelo
During penetration testing for a big customer, we hacked a number of Microsoft Windows servers. At one point, part of our attack was thwarted by ESET’s NOD32 system.
Show

32C3: Gated Communities – report from hacker conference

Blog | | Citadelo
The thirty-second annual Chaos Communication Congress carried the tagline “Gated Communities”. CCC is probably the oldest hacker conference and “Gated communities” worked very well as a theme for this year.
Show