23 October 2018

If there is one thing that all cybersecurity professionals agree on, it is that statistics on cybersecurity and cybercrime are misleading and unreliable. Fortunately, today, we enter a new era: Statistics Canada has just released the results of the first Canadian Survey of Cybersecurity and Cybercrime (CSoCC). The survey includes 12,597 Canadian businesses with 10 or more employees and attempts to provide a picture of the Canadian threat environment for the year 2017. We provide a summary of the main statistics in this blog, along with relevant links for anyone wishing to learn more about the survey's results.

May 15, 2018

This February, we ran a Find Security Bugs scan on at least one hundred components from the Spring Framework. Here is how these vulnerabilities were found, followed by a thorough review of the proposed fix.

April 26, 2018

This blog is the outcome of my 4 months of internship at GoSecure. I will describe two internal projects that we have developed to gather all kinds of interesting and valuable data. The first project aimed at gathering data on .onion sites (known as the Darknet), while the second one focused on gathering data on sites like Pastebin, GitHub’s gists and Dumpz.

April 03, 2018

We discovered a new Web attack vector abusing the Edge Side Include (ESI) features common in caching services and products. We will explain the conditions required for exploitation along with 3 example payloads: cookie exfiltration, SSRF and bypassing client-side XSS filtering.