Welcome to the 1st CoreLabs for CISOs blog. To set your expectation, we will be updating you on our latest research quarterly, but we reserve the right to provide timely pieces on things like the WikiLeaks Vault7 dump of CIA tradecraft as needs arise.
Over time, we will also pull in leading industry practitioners as guests to help us formulate systemic approaches for dealing with issues like IoT security or ransomware.
For today, let’s just orient you the new CoreLabs portal.
CoreLabs Information Security Advisories – Here you will find hundreds of advisories about specific vulnerabilities and attacks that you can build controls against like this one for a popular home WiFi device that allows for RCE (remote code execution). Don’t let the lack of a name fool you, when the CVE name is “pending assignment” that just means that it’s fresh and hasn’t worked its way through the National Vulnerability Database categorization process yet.
CoreLabs Information Security Publications – This section contains publications, presentations and papers authored by members of the CoreLabs research team. Expect how-tos on fun topics like hacking SAP SNC (Secure Network Connections) protected traffic or Measuring and mitigating social engineering malware downloads.
Open-Source IT Security Tools Developed by Core Security – Here you can find dozens of open-source tools developed by CoreLabs for the benefit of the IT security community. Need to do some wireless scanning or stealthy information gathering on a compromised device? We have the tools to help.
Research Blogs – These are extreme blogs on things like how to exploit Windows/Linux paging systems and how we actually go about finding new vulnerabilities (0days ;-)).