Penetration Testing

Exploiting Microsoft Kernel Applocker Driver (CVE-2024-38041)

Overview In the recent July Patch Tuesday, Microsoft patched a vulnerability in the Microsoft kernel driver appid.sys, which...

Cybersecurity’s lights and shadows of e-vote

Electronic voting, or e-vote, is the process of casting a vote electronically from a computer, phone or tablet.

Direct Memory Access Attacks: An easy way to hack into memory, bypass logon screens and ignore device encryption

Have you ever come across a laptop, server or desktop computer that has Full Device Encryption (FDE) and is protected by a...

‘Hit and Run’: Electric cars and the chips susceptible to hardware hacks

When we park or store our cars overnight, we often give thought to the valuable items inside, careful not to leave them in...

Cyber Threat Briefing: Russian Hackers, GoDaddy’s Cyberattack, and Reddit’s Open Communication

It’s been a busy first half of the year for the cybersecurity sector. The threat landscape remains increasingly...

Pentesting Keycloak – Part 2: Identifying Misconfiguration Using Risk Management Tools

Pentesting Keycloak – Part 2 This is part 2/2 of “Pentesting Keycloak”; this section will cover:

Pentesting Keycloak Part 1: Identifying Misconfiguration Using Risk Management Tools

What is Keycloak? Keycloak is an open-source Identity and Access Management (IAM) solution. It allows easy...

Time To Update your Video Conference Software

Jitsi-Meet Authentication Bypass (CVE-2021-33506) At CSA, one of our most vital services is penetration testing. We...

PwnKit / CVE-2021-4034 – Local Privilege Escalation in pkexec

What is it? PwnKit, discovered by the Qualys Research Team, is a local privilege escalation vulnerability affecting a...

How Can Your Organization Implement Its Own Successful AppSec Program?

Simone Q., Principal Security Consultant, took Nick Hayes, Senior Director of Cyber Solutions at SureCloud, through...

Stored XSS Vulnerability in Open edX Platform Lilac Release-2021-08-02-19.11

TL;DR SureCloud identified a stored cross-site scripting vulnerability (XSS) within the Open edX platform < Lilac...

DoS Vulnerability in Akka-http <= 10.2.6

TL;DR SureCloud Cyber identified a denial of service (DoS) vulnerability in Akka-http prior to 10.2.6. An Akka-http...