Technical

Dec 22, 2022 · 4 min read
10 million most popular websites
Our list of the top 10 million websites available for you to freely download

Nov 15, 2022 · 3 min read
Ruby off the Rails (CVE-2022-3704)
Understanding Ruby on Rails vulnerability CVE-2022-3704 and what it means for future-proofing code

Jul 20, 2022 · 7 min read
Lessons from Pentesting Smart Buildings
How to hack (& protect) smart devices. We share common findings from our smart building pentests.

Mar 31, 2022 · 7 min read
Three things that every developer should know about cyber security
What every ethical hacker wishes developers knew about cyber security.


Feb 14, 2022 · 5 min read
You're the Salt to my Hash
Why hashing and salting are key ingredients for storing passwords securely.

Feb 8, 2022 · 5 min read
Divide and Contain
How do you protect your home network from cyber attacks against your employer? Read our overview of VLANs.


Jan 26, 2022 · 4 min read
Notes from a Pentester: How we found 2 new BuddyBoss vulnerabilities
How we discovered two WordPress plugin vulnerabilities: CVE-2021-43334 and CVE-2021-44692.

Jan 10, 2022 · 3 min read
Notes from a Pentester: CVE-2021-43333 (DataLogic Devices)
During a recent pentest for a client we discovered a number of devices on their network that looked interesting, after 25 years of...

Dec 16, 2021 · 3 min read
How to Build Your Own Log4Shell Demo (CVE-2021-4428)
A step-by-step guide to building your own Log4Shell demo, with video overview.


Dec 13, 2021 · 6 min read
Explaining Log4Shell in Simple Terms
Vulnerabilities are discovered every day. While some can be serious, most are not so scary that they get everyone in a (justifiable)...

May 17, 2021 · 2 min read
CVE-2021-29203 (HP Edgeline Manager) - Explained
FC takes a look at a proof of concept for CVE-2021-29203 (HP Edgeline Manager).

Aug 12, 2020 · 2 min read
What is APT28's Drovorub Malware?
The NSA and FBI have today released an advisory (pdf) about the previously undisclosed malware called Drovorub, that has been attributed...

Aug 2, 2020 · 5 min read
A Case Study in Technical Debt: why DynamoDB might not be for you
In this industry it can feel challenging to tell others you've made mistakes, but we believe that it's important to show not just the...

Jul 12, 2020 · 2 min read
CyberUp: Why We Believe the Computer Misuse Act Needs Reform
The Computer Misuse Act (1990) is 30 years old and was already out of date before it even got started. It came into effect in the UK...

May 17, 2020 · 3 min read
Scraping DNS records with BlueDanube
DNS is the heart of all things on the internet. It is the system that lets us type in amazon.com rather than 176.32.98.166 to do our...

Jan 28, 2020 · 4 min read
Cache Me Outside how bout dat?
Many of you will remember our blog post about RIDL, FALLOUT and ZombieLoad back in 2019, hot on the heels of Spectre and Meltdown from...

Jan 15, 2020 · 4 min read
The First Official NSA Exploit (CVE-2020-0601)
2020 starts with a shift in cybersecurity and the level of transparency that we usually see from the alphabet agencies. Tuesday the 14th...

Nov 26, 2019 · 4 min read
Trust but verify (your tools)
During a recent penetration test for a client we at Cygenta noticed a few odd responses from some of the scans we were doing with a tool...

Sep 12, 2019 · 4 min read
Fast data munging with AWS Athena and S3 Buckets
You have a ton of data, gigabytes of it, all in thousands - if not hundreds of thousands - of separate files. How on earth do you go...


Aug 22, 2019 · 4 min read
How to build a data warehouse with AWS Redshift
I've been working on an idea for a while now that needed the ability to store and search through a large amount of data, we are not...