Metasploit is a penetration testing framework that makes hacking simple. It's an essential tool for both attackers and defenders.
Stories by J.M. Porup
Google/Alphabet's Chronicle cybersecurity moonshot has a doozy of a mega-gargantuan SIEM with huge pluses--and minuses. Take note.
Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs and Kerberos tickets.
Defending critical infrastructure from determined attackers is not an easy task, CSO reporter J.M. Porup learned competing in the Department of Energy's CyberForce Competition 2018, a cyber security training initiative.
A new APT, dubbed White Company, is flexing its muscle on the world stage, and it has security researchers worried.
OWASP's Broken Web Applications Project makes it easy to learn how to hack web applications--a critical skill for web application developers playing defense, junior penetration testers, and security-curious management.
Check Point researcher finds vulnerability that could have allowed attackers to spy on drone fleets in real time.
Burning malware is like Hercules fighting the nine-headed Hydra. For every head he cuts off, two more grow back in its place.
Everything is broken, and government and corporations like it that way. But when people start dying because of insecure cyberphysical systems, the overreaction from panicked policymakers could be worse than after 9/11.We need to solve this problem now, Bruce Schneier argues in his new book.
Wireshark is a must-have (and free) network protocol analyzer for any security professional or systems administrator. It's like Jaws, only for packets.
Penny-wise, pound-foolish: Letting old domain names expire might save a few bucks a year, but lets attackers register your old domain and pretend to be you.
Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.
With XSS, attackers enter malicious code into a web form or web app URL to trick the application into doing something it's not supposed to do.
A massive internet blackout similar to the Dyn DNS outage in 2016 could easily happen again, despite relatively low-cost countermeasures, according to a new study out of Harvard University.
SQL injection attacks are well-understood and easily preventable, and the priority for risk mitigation should be preventing SQL injection attacks in the first place. Listen to Little Bobby Tables and sanitize your database inputs.