Our Blog

RSS

On April 12, 2016 Microsoft released 13 security bulletins. In this blogpost I'm going to talk about how I triggered and exploited the CVE-2016-0165, one of the MS16-039 fixes. Diffing Stage For  MS16-039, Microsoft released a fix for all Window versions, either for 32 and 64 bits. Four…

Read More

Do you know what it takes to truly defend your cyber security? It’s more than firewalls and eight character passwords, cyber security encompasses your entire network and the only way to keep it secure is by preparing to defend it as a whole. Today,…

Read More

Continuing with the previous Getting Physical blog posts series (CanSec2016's presentation), this time I'm going to talk about what paging implementation has been chosen by Windows and how it works. At the same time and according to Alex Ionescu's blog post, it's interesting to see that Microsoft has started…

Read More

Many winning vulnerability management programs have evolved to include additional solutions and workflows, beyond scanning, adding to a larger picture required to truly understand how an adversary could and will attack. Here are few best practices to keep in mind when maturing your own…

Read More

This is the second installment of a blog series titled "Exploiting Internet Explorer's MS15-106". If you haven't read part one, I recommend you to do so before starting with this second part. As mentioned in the previous blog post, in October 13, 2015 Microsoft…

Read More

Last week a story went viral (at least in the security world) titled “123456 is the most common password in a massive Twitter heist”. Despite many similar incidents, it remains surprising that users will still choose passwords as common and vulnerable as ‘123456’…

Read More

According to this year’s Verizon Data Breach Report, half of exploitations happen between 10 and 100 days with the median time being around 30 days. Of these exploitations, 85% of them are successful by using the top 10 most common vulnerabilities while the…

Read More

Have you seen the latest SC Magazine reviews? Then you have missed their glowing 5 Star Review for Core Vulnerability Insight! We are so proud of this product and the value it brings to any vulnerability management solution. Core Vulnerability Insight (formerly Core Insight) unifies, regulates, and…

Read More

We have some very exciting news to share with you today. Effective immediately, the companies you have known as Courion, Core Security, SecureReset and Bay 31 are now newly branded as Core Security. For more on our newly rebranded company please tune in to…

Read More

You think that you're safe, that your network is secure, that your firewalls are protecting you - but how will you know if you don't test it? A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure…

Read More