OUR BLOG
8 Hours, 5 Teams, 5 Tools: Inside the First TwelveSec Hackathon
In the fast-paced world of cybersecurity, it is remarkably easy to get caught up in the daily operational grind. Between penetration tests, security audits and responding to emerging threats, the day-to-day work of a security professional is high-stakes and...
Hardware Hacking: Why You Must Test Your Devices
Hardware hacking refers to the process of manipulating, modifying, or exploiting the underlying hardware of devices to gain unauthorised access or cause disruption. Whether it’s a router, smartphone, or even a medical device, attackers often find ways to exploit...
Stop Calling Them Password Managers: The Truth About Chromium’s In-Memory Flaw
We need to talk about the built-in "password managers" in Chromium-based browsers like Google Chrome, Brave, and Microsoft Edge. They are incredibly convenient, syncing effortlessly across your devices and autofilling your credentials with a single click. But as...
RCE Via Arbitrary File Upload at Open eClass
Introduction: The Open eClass platform (http://www.openeclass.org) is an integrated Learning Management System (LMS). It follows the philosophy of open source software and supports a multitude of e-learning scenarios without restrictions and constraints. The service...
BoFs Are Not Dead
Abstract: Buffer overflow vulnerabilities remain highly relevant in embedded systems, where the absence of operating system abstractions and modern memory protection mechanisms creates conditions fundamentally different from traditional software exploitation. Unlike...
Is user training a good thing?
In the past years, there has been a major focus on end-user training as it is considered (and rightly so) the weakest link in the cybersecurity chain. I keep hearing more and more experts (and self-proclaimed ones) emphasize that we should train our users constantly....






