LinkedIn Cross-Site-Scripting (XSS) & Content Spoofing Vulnerability
A couple of days back, I reported XSS and Content Spoofing on LinkedIn. Here are the details of the issues. Cross Site Scripting: What is Cross Site Scripting? […]
During a routine penetration testing engagement, we found an IIS webserver with HTTP methods (verbs) like PUT and DELETE enabled on it. During enumeration of […]
Scenario: One of our clients observed suspicious behavior in a program and wanted us to analyze and identify if any malicious activities were being […]
Heartbleed Advisory & FAQ Please find below a quick FAQ on the Heartbleed vulnerability and what you can do to address it: UPDATE June 5, 2014: […]
Most large organizations provide wireless facilities for their guests, which may include vendors, consultants, business associates, employees from other regions etc. Certain points should be […]
SQL injection – one of the most critical vulnerabilities till now – is still included in the OWASP Top 10 list’s Injection flaws section. SQLMap […]
Browser Reconnaissance and Ex-filtration via Adaptive Compression of Hypertext (BREACH) Attack: Previously we learnt how CRIME attacks SSL/TLS using SSL/TLS compression. Now we look at […]
Compression Ratio Info-leak Made Easy (CRIME) attack: In the previous section we saw how the Chosen Plain-text attack was used to weaken the SSL/TLS protocol. […]
Recently there has been a lot of news about a new SSL/TLS-based attack which was demonstrated at this year’s BlackHat conference. The attack was […]
Overview: In the following test, I wanted to see whether I was able to view personal details of some other person who was not in […]