If you know me, you’ll know I’m not a fan of making tech predictions. It’s just not possible to consider the complexities of the world
Introducing Fuzzomatic: Using AI to Automatically Fuzz Rust Projects from Scratch
Introduction: In August 2023, Google published research they did on AI-powered fuzzing. They showed they could automatically improve fuzzing code coverage of C/C++ projects already
Tales From the Incident Response Cliff Face – Case Study 2
In this installment of Tales from the Incident Response Cliff Face, we’ll take a look at a recent engagement, which involved a string of events
CVE-2023-46604 Apache ActiveMQ RCE vulnerability
Written by Joshua Cartlidge of the Kudelski Security Threat Detection & Research Team. Summary: On October 25, 2023, Apache disclosed an ActiveMQ Remote Code Execution
YouShallNotPass! Hardening CI/CD pipelines on mission critical environments
Kudelski Security has developed an open-source solution named “YouShallNotPass” (YSNP) to enhance the security of GitLab and GitHub pipelines. YSNP validates CI/CD jobs by only allowing specific repos, Docker images, scripts, and users to run on its runners. These security checks are stored independently on HashiCorp Vault. The solution acts as a gateway to protect their secure network environment and clients’ security devices from potential threats.
F5 BIG-IP Unauthenticated RCE via HTTP Request Smuggling
Written by Scott Emerson of the Kudelski Security Threat Detection & Research Team. Summary: Researchers at Praetorian have discovered a request smuggling vulnerability that could