Maltego External Entity Injection Analysis

What is Maltego? “Maltego is software used for open-source intelligence and forensics, developed by Paterva from Pretoria, South Africa. Maltego focuses on providing a library of transforms for discovery of data from open sources, and visualizing that information in a graph format, suitable for link analysis and data mining.” -...

The Year of Linux on the Desktop

KDE Frameworks (kf5/kdelibs) < 5.61.0 is vulnerable to a command injection vulnerability in the KConfig class. This can be directly exploited by having a remote user view a specially crafted configuration file. The only interaction required is viewing the file in a file browser and/or on the desktop. Sure, this...

Axway SecureTransport 5.x XML Injection

Oftentimes when running scans against large companies, you’ll find the same software being reused across many of them. Over the last couple of weeks I’ve run into Axway SecureTransport logins at least 3 times during separate audits. According to Axway’s website: “Axway SecureTransport is a multi-protocol MFT gateway for securing,...

Fun With Custom URI Schemes

Over the past month or so, I’ve spent quite a bit of time reading and experimenting with custom URI schemes. As the last post on this blog clearly demonstrated, a poorly implemented custom URI can have a number of security concerns. When I say “a number”, it’s because I’m about...