The Digital Operations Resilience Act (DORA), which comes into effect on January 17, 2025, aims to enhance the resilience of the financial world against potential cyber attacks. This is structured around five pillars, with ‘Digital Operational Resilience Testing’ posing significant challenges for many businesses. Kees...Read more...

gRPC is getting increasingly popular and as a result, it is encountered more often during security assessments. In this blog post, I explain the different approaches to security test gRPC services depending on the type of assessment. At the end, I will show how to extend the blackboxprotobuf Burp extension to support...Read more...

Web applications often keep state corresponding to the current user. The user gets a cookie with an opaque token, the session token. The browser includes this cookie in each request. The web application uses this token to retrieve the corresponding data from the database, which can be used by the web application.
In...Read more...

Ten years ago, you could kind of get away with not paying much attention to security. This worked if you were not in certain sectors or didn’t have a certain profile, and if you were lucky. Until a few years ago.
Read our earlier article to understand how for everyone, the impact and likelihood of potential security...Read more...

While the sleep mask kit is doing a great job at encrypting the beacon at rest, the beacon resides unencrypted in memory during the execution of BOFs. This leads to detection if a memory scan is performed during the execution of the BOF. To overcome this, we encrypt the beacon memory and configuration block at the...Read more...