Technical


10 million most popular websites
Our list of the top 10 million websites available for you to freely download
Dec 22, 2022 · 4 min read


Ruby off the Rails (CVE-2022-3704)
Understanding Ruby on Rails vulnerability CVE-2022-3704 and what it means for future-proofing code
Nov 15, 2022 · 3 min read


Lessons from Pentesting Smart Buildings
How to hack (& protect) smart devices. We share common findings from our smart building pentests.
Jul 20, 2022 · 7 min read


Three things that every developer should know about cyber security
What every ethical hacker wishes developers knew about cyber security.
Mar 31, 2022 · 7 min read


You're the Salt to my Hash
Why hashing and salting are key ingredients for storing passwords securely.
Feb 14, 2022 · 5 min read


Divide and Contain
How do you protect your home network from cyber attacks against your employer? Read our overview of VLANs.
Feb 8, 2022 · 5 min read


Notes from a Pentester: How we found 2 new BuddyBoss vulnerabilities
How we discovered two WordPress plugin vulnerabilities: CVE-2021-43334 and CVE-2021-44692.
Jan 26, 2022 · 4 min read


Notes from a Pentester: CVE-2021-43333 (DataLogic Devices)
During a recent pentest for a client we discovered a number of devices on their network that looked interesting, after 25 years of...
Jan 10, 2022 · 3 min read


How to Build Your Own Log4Shell Demo (CVE-2021-4428)
A step-by-step guide to building your own Log4Shell demo, with video overview.
Dec 16, 2021 · 3 min read


Explaining Log4Shell in Simple Terms
Vulnerabilities are discovered every day. While some can be serious, most are not so scary that they get everyone in a (justifiable)...
Dec 13, 2021 · 6 min read


CVE-2021-29203 (HP Edgeline Manager) - Explained
FC takes a look at a proof of concept for CVE-2021-29203 (HP Edgeline Manager).
May 17, 2021 · 2 min read


What is APT28's Drovorub Malware?
The NSA and FBI have today released an advisory (pdf) about the previously undisclosed malware called Drovorub, that has been attributed...
Aug 13, 2020 · 2 min read


A Case Study in Technical Debt: why DynamoDB might not be for you
In this industry it can feel challenging to tell others you've made mistakes, but we believe that it's important to show not just the...
Aug 3, 2020 · 5 min read


CyberUp: Why We Believe the Computer Misuse Act Needs Reform
The Computer Misuse Act (1990) is 30 years old and was already out of date before it even got started. It came into effect in the UK...
Jul 13, 2020 · 2 min read


Scraping DNS records with BlueDanube
DNS is the heart of all things on the internet. It is the system that lets us type in amazon.com rather than 176.32.98.166 to do our...
May 18, 2020 · 3 min read


Cache Me Outside how bout dat?
Many of you will remember our blog post about RIDL, FALLOUT and ZombieLoad back in 2019, hot on the heels of Spectre and Meltdown from...
Jan 28, 2020 · 4 min read


The First Official NSA Exploit (CVE-2020-0601)
2020 starts with a shift in cybersecurity and the level of transparency that we usually see from the alphabet agencies. Tuesday the 14th...
Jan 15, 2020 · 4 min read


Trust but verify (your tools)
During a recent penetration test for a client we at Cygenta noticed a few odd responses from some of the scans we were doing with a tool...
Nov 26, 2019 · 4 min read


Fast data munging with AWS Athena and S3 Buckets
You have a ton of data, gigabytes of it, all in thousands - if not hundreds of thousands - of separate files. How on earth do you go...
Sep 13, 2019 · 4 min read


How to build a data warehouse with AWS Redshift
I've been working on an idea for a while now that needed the ability to store and search through a large amount of data, we are not...
Aug 23, 2019 · 4 min read