Websec Cybersecurity Blog
Expert insights, trends, research findings, and best practices from our security team to help you strengthen your organization's security posture.
Featured Article
Our most important cybersecurity insight
A Comparison Between the Real User ID and the Effective User ID is not Enough to Prevent Privilege Escalation
In Unix-like systems, processes have a real and effective user ID determining their access permissions. While usually identical, they can differ in situations like when the setuid bit is activated in executables.
Ncrack and Nmap NSE development for offense and defense - DEFCON CHINA
Paulino Calderon (@calderpwn) represented Websec in the first edition in China of the world-renowned DEFCON event. Here we share all the material of your workshop.
Belkin Wemo Switch NMap Scripts
Belkin Wemo Switch Smart Plug is a network controlled power outlet. The current firmware version does not requiere authentication to switch the power ON or OFF or to gather information such as nearby wireless networks. Two NMap scripts have been published
New publication: Mastering the Nmap Scripting Engine
We invite you to learn more about the latest publication from our team, "Mastering the Nmap Scripting Engine".
Special discount code for "Nmap 6: Network Exploration and Security Auditing Cookbook"
PacktPub created a special discount code for our friends from HackerHalted
Remote credential and configuration disclosure of Huawei HG5XX devices using Nmap.
A new NSE script called "http-huawei-hg5xx-vuln" has been added to Nmap which exploits a couple of vulnerabilities found in Huawei HG5XX modems.
Detecting and exploiting vulnerable PHP-CGI applications
A critical vulnerability affecting PHP applications which use the CGI interprerter was published which allows attackers to view the source code and execute code remotely.