Attention, there is a new path traversal vulnerability (CVE-2019-19781) with a 9.8 severity rating that can allow unauthenticated threat actors to execute arbitrary code on several Citrix products. These products include application delivery controllers (ADC), Gateways, and SD-WAN WANOP. Citrix provided a patch timeline that lists the dates of various patches for their …
Microsoft Patch Tuesday; Critical RDP & Important CryptoAPI Updates
If you use modern-day Microsoft software products as a standard end user or a Windows Server administrator and use Remote Desktop Protocol (RDP) in any fashion or use any software programs that utilize CryptoAPI, I strongly recommend you patch right away! The Cybersecurity and Infrastructure Security Agency (CISA) released an alert about three critical RDP patches and an …
Mobile Security and IMSI-Catchers
While reading some security articles, one headline in particular stood out and piqued my interest – Do you use burner phones during business travel? Here’s how you can be targeted. Personally, I am super into mobile and wireless security in general. This includes cellular/mobile networks and even just standard IP-based networking. The events going on behind the scenes with …
My CTF Ventures: picoCTF, General Skills
The next few installments in this series will focus solely on the picoCTF 2019 challenge platform. This post in particular will cover what the introduction is all about, provide some brief details about how the game is set up, and then dive into the “General Skills” challenge room. I will also expand on a few technical concepts along the way for those who may not know and to …
My CTF Ventures: Introduction
The sheer amount of info regarding information systems (computers and other electronic devices and how they work, programming, etc.) is mind boggling, honestly. How do you read through it all, hoping to understand at least a sliver of what you’ve read, and then apply it from a security research standpoint? From encodings to encryption algorithms and the tools available to do …