GoSecure Blog
BlackHat Europe 2016: Ego-Market
For those who missed it, here is the video of our BlackHat Europe 2016 presentation titled EGO-MARKET: When People’s Greed for Fame Benefits Large-Scale Botnets.
Modern Static Analysis for .NET
In the past six months, we have been working on a new static analysis tool for the .NET ecosystem called Roslyn Security Guard. It is a Visual Studio extension that analyzes C# code. It was first released at Black Hat USA this year. This article will cover the latest milestone reached which brings a new taint analysis mechanism and the introduction of automated code fixes.
Exposing the EGO MARKET: the cybercrime performed by the Linux/Moose botnet
Cybercrime is an evolving phenomenon and offenders are continuously adapting to find new techniques to monetize their illicit activities. Our research paper and upcoming BlackHat Europe presentation – EGO MARKET: When People’s Greed for Fame Benefits Large-Scale Botnets – is about Linux/Moose, a botnet that conducts social media fraud. This blog post is a summary of our paper.
Find Security Bugs: the open-source Java static analysis tool
Last week, a new version of Find Security Bugs (FSB), a FindBugs extension was released. In this post, we will present the most recent improvements and some project announcements.
Auditing CSP headers with Burp and ZAP
As you may know, CSP is not adopted yet by industry. Multiple surveys have already been made about the adoption of the security header [1] [2] [3]. Even so, it does not mean that we cannot prepare ourselves for the technology. For this purpose, we have built a Burp and ZAP extension to automate the most common validations called CSP Auditor.
