Our Blog

White Papers, Research, Tools and more

Leap Security CTF 2018

Welcome Welcome to the inaugural Leap Security CTF competition. The CTF is a global competition created with the goal of giving back to the community. To make this all happen, we’ve teamed up with the guys at 0x00sec! The CTF will have no limitations on participants, it is open to anyone — think of it…

Read more

libssh Authentication Bypass CVE-2018-10933

The Vulnerability A vulnerability present in libssh versions 0.6 and later has taken the internet by storm. The vulnerability allows attackers to bypass authentication and gain remote code execution on the affected system. The libssh team has already released a patch to this vulnerability (link below). Upgrading to 0.7.6 or 0.8.4 eliminates the vulnerability. Link:…

Read more

Bsides Miami Presentation

Powerpoint: Slides BSides Miami 2018 Slides We had a great time bonding with our South Florida community at the inaugural BSides Miami this year. Our presentation educated the audience on current industry trends, the creation of targeted social engineering scenarios, demos of tools and real world examples. Luckily for us, the demo gods were nice…

Read more

LinkedIn Enumeration with InSpy 3.0

InSpy: https://github.com/leapsecurity/InSpy Welcome to InSpy 3.0 With InSpy 3.0 we decided to go back to the drawing boards and focus on what InSpy does best, gather employee information. We improved its core functionality and automated it as much as possible to the point that consultants no longer need to research an organization’s domain or email…

Read more

General Data Protection Regulation (GDPR) Penetration Testing

Introduction Meet GDPR. The General Data Protection Regulation (GDPR) is the new regulation in town which goes into full effect next week, May 25th. GDPR 95/46/EC covers the protection and empowerment of data privacy for all EU citizens, and the way organizations approach and process such data. Any organization that handles or processes the data…

Read more

Drupal Targeted with RCE Exploits

Introduction By now, you’ve most likely heard of the two recent Drupal vulnerabilities disclosed. If you or your organization is running Drupal 7.x or 8.x, we highly recommend you stop reading and update it now. Drupal 7.5.9 and 8.5.3 has patched the critical vulnerabilities mentioned in this article. Link: How to update Drupal Link: Drupal…

Read more

Let's talk about your
security needs

Send us an email and we’ll get the process started to protect your company

contact us