July 10, 2018

This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technicalities of the project as well as my personal experience developing it.

October 17, 2016

Last week, a new version of Find Security Bugs (FSB), a FindBugs extension, was released.

In this post, we will present the most recent improvements and some project announcements.

October 12, 2016

Our old blog has officially migrated to its new home on our website! Our previous blog will redirect you here automatically.

Remember to update your bookmarks.

June 28, 2016

Content Security Policy (CSP) is an HTTP header that instructs the browser to limit resource loading of media, styles and scripts.

As you may know, CSP is not yet adopted by the industry. Multiple surveys have already been made about the adoption of the security header [1] [2] [3]. Even so, that does not mean we cannot prepare ourselves for the technology. For this purpose, we have built CSP Auditor, a Burp and ZAP extension that automates the most common validations.