Security Review of Microsoft DirectAccess Implementation

This article presents the key risks with DirectAccess and how to audit them. Let’s begin by first understanding the DirectAccess technology. Introduction of DirectAccess From the Wikipedia definition DirectAccess, also known as Unified Remote Access, is a VPN-like technology that provides intranet connectivity to client computers when they are connected to the Internet. Direct Access […]

Anatomy of a Credit Card Stealing POS Malware

INTRODUCTION Point-of-sale (POS) is the place where a retail transaction is completed. It is the point at which a customer makes a payment to the merchant in exchange for goods or services. Majority of retail POS systems also include a debit/credit card reader. POINT-OF-SALE INTRUSIONS What is it? When attackers compromise the computers and servers […]

Asus RT-N10 Plus Cross Site Scripting CVE-2015-1437

Overview ASUS Router RT-N10 Plus is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the result_of_get_changed_status.asp script. A remote authenticated attacker could exploit this vulnerability using the flag parameter in a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once […]