While the sleep mask kit is doing a great job at encrypting the beacon at rest, the beacon resides unencrypted in memory during the execution of BOFs. This leads to detection if a memory scan is performed during the execution of the BOF. To overcome this, we encrypt the beacon memory and configuration block at the...Read more...

What if your external developer won’t let you share the code of an application with us for a pentest, even though the application was made specifically for you? This is problematic because it forces you to accept a less effective test of your application: one in which we cannot look at the code while we carry out the...Read more...

You may want a pentest for a variety of reasons: in this blog we will discuss four common reasons for pentests of (web) applications or hardware and I will give you tips.
Above all: understand what your own reason is and communicate this with your pentest provider. It will improve your pentest experience, I promise!...Read more...

If you ask us to carry out a penetration test (pentest) of an application, we will ask you to share the code to the application up front. A pentest is much more effective when the pentester has the code at hand. In our jargon, this is called a white box test.
In this blog, I will discuss three objections to sharing...Read more...

Ten years ago, you could kind of get away with not paying much attention to security. This worked if you were not in certain sectors or didn’t have a certain profile, and if you were lucky. Until a few years ago.
Read our earlier article to understand how for everyone, the impact and likelihood of potential security...Read more...