by Rick Osgood | Apr 2, 2018 | Application Security, Penetration Testing, Vulnerabilities
Welcome to Part 2 of this 2-part blog series looking at the details of exploring and validating an exploit! If you liked this series, I bet you’d be interested in our webinar on How to Think Like A Hacker. Check it out! Now on to Part 2: Taking it to the Next...
by Rick Osgood | Mar 27, 2018 | Application Security, Penetration Testing, Vulnerabilities
A Study in Exploit Development: Easychat SEH exploit
A typical penetration test involves automated scanning to identify vulnerabilities, followed by a more manual testing process where the tester attempts to validate and exploit those vulnerabilities. Many times, we...
by Andrew Plato | Jan 24, 2018 | Vulnerabilities
It has been a few weeks since security researchers discovered that nearly every processor on earth is vulnerable to Meltdown and Spectre vulnerabilities. Panic is spreading. We agree, this is a serious set of vulnerabilities. But, no need to panic. We got this. No...
by Rick Osgood | Aug 20, 2015 | Uncategorized, Vulnerabilities, Vulnerability Research
During the course of a web application test, our automated tools will occasionally miss a serious vulnerability. Cross-Site Request Forgery is one of the vulnerabilities that our scanners sometimes miss. You can read more about CSRF here. This is why it is so...
by Andrew Plato | Jul 22, 2015 | Uncategorized, Vulnerabilities, Vulnerability Research
In the information security industry’s latest attention-grabbing headline, we have the tale of Charlie Miller and Chris Valasek hacking a Jeep Cherokee and disabling it while driving down the highway. You can read about this hack here. This is stunt hacking. That is,...
by Andrew Plato | Sep 25, 2014 | Uncategorized, Vulnerabilities
The Shellshock (or Bash) bug is the latest serious bug to hit the scene. So what do you need to know about this bug? Anitian has a quick summary. What is Shellshock? It is a very serious bug in Bash, a ubiquitous command shell for Unix and Linux systems. When...