23 October 2018

If there is one thing that all cybersecurity professionals agree on is how statistics on cybersecurity and cybercrime are misleading and unreliable. Fortunately, today, we enter a new era:  Statistics Canada has just released the results of the first Canadian Survey of Cybersecurity and Cybercrime (CSoCC). The survey includes 12,597 Canadian businesses with 10 or more employees and attempts at providing a picture of the Canadian threat environment for the year 2017. We provide a summary of the main statistics in this blog, along with relevant links for anyone wishing to learn more about the survey's results.

January 24, 2018

This article is an opinionated essay on why you should be using Kotlin to build Burp extensions. It provides an overview of the main language features with code samples.

January 10, 2018

Privilege "escalation"The latest VMware Horizon vulnerability is via an attack vector that shouldn't be overlooked: bad Windows process handles management. In this article, you will find all the details around CVE-2017-4946 which was discovered and exploited by Martin Lemay during a pentest engagement.

August 10, 2017

New results related to our research about Linux/Moose, an IoT botnet that conducts social media fraud (SMF), were published in the scientific journal, Social Media & Society, last week. The article is open-source and available at: http://dl.acm.org/citation.cfm?id=3097301. However, if you don’t want to bother reading it, the blog post provides a quick summary of the main findings.