Whenever I hear or see headlines about a “supply chain vulnerability,” I think in terms of big enterprises and delivery of goods and services. You know — supplies. But in technology, the term “supply chain attack” means that an attacker has gotten into something trusted — such as a software vendor, service provider, hardware supplier […]

moth // Recently, BHIS penetration tester Dale Hobbs was on an Internal Network Penetration Test and came across an RPC-based arbitrary command execution vulnerability in his vulnerability scan results.  I […]

The post Exploit Development – A Sincere Form of Flattery appeared first on Black Hills Information Security, Inc..

Lawrence Hoffman // With BlackHat and DefCon happening as I type it’s hard to choose what’s going to make this list. I will probably save most of the big shiny […]

The post Lawrence’s List 080516 appeared first on Black Hills Information Security, Inc..