Welcome to Crypto Week 2019
The Internet is an extraordinarily complex and evolving ecosystem. Its constituent protocols range from the ancient and archaic (hello FTP) to the modern and sleek (meet WireGuard), with a fair bit of everything in between. This evolution is ongoing, and as one of the most connected networks on the Internet,…
Security Compliance at Cloudflare
Cloudflare believes trust is fundamental to helping build a better Internet. One way Cloudflare is helping our customers earn their users’ trust is through industry standard security compliance certifications and regulations. Security compliance certifications are reports created by independent, third-party auditors that validate and document a company’s commitment to security.…
Hacking macOS: How to Perform Situational Awareness Attacks, Part 2 (Finding Files, History & USB Devices)
It's important to know who you're dealing with after hacking your target's MacBook. Getting remote access is simple, but covertly gathering information about the user and their system can be a challenge. Continuing with our situational awareness attacks, we'll be further orienting ourselves within a compromised Mac device and deepening…
A free Argo Tunnel for your next project
Argo Tunnel lets you expose a server to the Internet without opening any ports. The service runs a lightweight process on your server that creates outbound tunnels to the Cloudflare network. Instead of managing DNS, network, and firewall complexity, Argo Tunnel helps administrators serve traffic from their origin through Cloudflare…
Hacking macOS: How to Perform Situational Awareness Attacks, Part 1 (Using System Profiler & ARP)
The first few minutes after gaining access to a MacBook are critical — but where do we begin? Using tools built into macOS, we can develop an in-depth understanding of running background processes, detect antivirus software, locate sensitive files, and fingerprint other devices on the network. All of this can…
Project Galileo: the view from the front lines
Growing up in the age of technology has made it too easy for me to take the presence of the Internet for granted. It’s hard to imagine not being able to go online and connect with anyone in the world, whether I’m speaking with family members or following activists planning…
Podcast Episode 22: Ninja Forms Developer James Laws on Building & Expanding a WordPress Business
Ninja Forms is used on over 1 million WordPress sites. In this episode, Mark interviews James Laws, the co-founder of WP Ninjas, the developers behind this robust and powerful form builder. James and Mark talk about revenue models that work, how to find new opportunities through market research, experimentation with…
Protecting Project Galileo websites from HTTP attacks
Yesterday, we celebrated the fifth anniversary of Project Galileo. More than 550 websites are part of this program, and they have something in common: each and every one of them has been subject to attacks in the last month. In this blog post, we will look at the security events…
Improving Security and Privacy for Extensions Users
No, Chrome isn’t killing ad blockers -- we’re making them saferPosted by Devlin Cronin, Chrome Extensions TeamThe Chrome Extensions ecosystem has seen incredible advancement, adoption, and growth since its launch over ten years ago. Extensions are a great way for users to customize their experience in Chrome and on the…
Use your Android phone’s built-in security key to verify sign-in on iOS devices
Posted by Kaiyu Yan and Christiaan Brand Compromised credentials are one of the most common causes of security breaches. While Google automatically blocks the majority of unauthorized sign-in attempts, adding 2-Step Verification (2SV) considerably improves account security. At Cloud Next ‘19, we introduced a new 2SV method, enabling more than…
How to Discover & Attack Services on Web Apps or Networks with Sparta
Automating port scanners, directory crawlers, and reconnaissance tools can be complicated for beginners just getting started with Kali Linux. Sparta solves this problem with an easy-to-use graphical interface designed to simplify a penetration tester's tasks. Sparta, authored by Antonio Quina and Leonidas Stavliotis, is a Python-based GUI application that automates…
Microsoft Patch Tuesday, June 2019 Edition
Microsoft on Tuesday released updates to fix 88 security vulnerabilities in its Windows operating systems and related software. The most dangerous of these include four flaws for which there is already exploit code available. There’s also a scary bug affecting all versions of Microsoft Office that can be triggered by a…
Project Galileo: Lessons from 5 years of protecting the most vulnerable online
Today is the 5th anniversary of Cloudflare's Project Galileo. Through the Project, Cloudflare protects—at no cost—nearly 600 organizations around the world engaged in some of the most politically and artistically important work online. Because of their work, these organizations are attacked frequently, often with some of the fiercest cyber attacks…
Windows Security Event Logs: my own cheatsheet
During a forensic investigation, Windows Event Logs are the primary source of evidence.Windows Event Log analysis can help an investigator draw a timeline based on the logging information and the discovered artifacts, but a deep knowledge of events IDs is mandatory. According to the version of Windows installed on the…
Podcast Episode 21: New Plugin Vulns Exploited in the Wild, an Extortion Scam and the CBP Data Breach
This week, we discuss active exploitation of a plugin vulnerability in the wild, an extortion scam hitting numerous website owners, exposure of Industrial Control Systems to attackers as well as a CBP breach affecting travelers in the United States. We also talk about an email server vulnerability and what to…