28 January 2018
Perimeter security is broken. Industrial systems are exposed. And attackers are always one step ahead. At Citadelo, we’ve crafted a masterplan to flip the odds — from honeypots to bug bounties to real-time traps.
28 January 2018
In Summer 2016, as we cranked up our efforts to get deep into the Industry Security landscape, we had the pleasure to host Christine Kinch as our intern and researcher.
28 January 2018
Microsoft won’t patch this one — so we did. CVE-2014-4971 is a known privilege escalation vulnerability in the MSMQ service on Windows XP. Citadelo’s unofficial hotfix helps secure legacy systems against this active exploit.
28 January 2018
Keybase.io is a service that according to their website “maps your identity to your public keys, and vice versa.”. It is also doing other optional things such as an encrypted filesystem and synchronized key management.
26 January 2018
BurpSuite Proxy is one of the most used HTTP proxy application for web penetration testers. This tool is one of the best in its category, but sometimes we encounter a situation requiring additional functionality which is not provided by Burp itself.
26 January 2018
Citadelo researchers uncovered multiple vulnerabilities in MODX Revolution 2.5.6 and lower — including unauthenticated file inclusion, XSS, and even authenticated code execution. Sites using outdated versions should patch immediately.