POODLE Advisory
What is POODLE? POODLE stands for Padding Oracle On Downgraded Legacy Encryption Vulnerability CVE: CVE-2014-3566 What is the attack? The […]
Category: Case Studies
Mitigating the Remote Code Execution in Bash
Introduction In the last post we saw how the recent bash vulnerability can be remotely exploited in a variety of […]
Bourne Again Shell (Bash) Remote Code Execution Vulnerability
Introduction A remotely exploitable vulnerability was discovered by Stephane Chazelas of Akamai in the GNU Bash command shell. The vulnerability […]
ATM Application Whitelisting Security Assessment
During a recent engagement, we were asked to test the security level of an application white-listing solution deployed on the […]
Authorization Vulnerability in Yahoo! Pipes
Recently, I found an interesting issue qualifying on Yahoo! Pipes. But before going into the details of this specific issue, […]
IT Act 2000 – Penalties, Offences With Case Studies
Objectives of IT legislation in India The Government of India enacted its Information Technology Act 2000 with the objectives stating […]
Owning The Enterprise With HTTP PUT
During a routine penetration testing engagement, we found an IIS webserver with HTTP methods (verbs) like PUT and DELETE enabled […]
Heartbleed Open SSL Bug FAQ & Advisory
Heartbleed Advisory & FAQ Please find below a quick FAQ on the Heartbleed vulnerability and what you can to address […]
Insecure Implementation of Guest Wireless Networks
Most large organizations provide wireless facilities for their guest, which may include vendors, consultants, business associates, employees from other regions […]
Gone in 60s Malware Analysis Report
It is a common technique for criminals to target gaming applications as a propagation vector for malware distribution. Recently, I observed just such a malicious Android app, which acted as an interesting information stealer and then self-destructed. I took this case to investigate further as an interesting research.