Every now and then, a regular penetration test project can take a decidedly irregular detour into the land of zero-day exploits. In October 2017, I discovered a zero-day vulnerability in Ulterius, a widely used, open-source remote access software. Come along. I have...
During the course of a web application test, occasionally our automated tools will miss a serious vulnerability. Cross-Site Request Forgery is one of these vulnerabilities that our scanners sometimes miss. You can read more about CSRF here. This is why it is so...
In the information security industry’s latest attention-grabbing headline, we have the tale of Charlie Miller and Chris Valasek hacking a Jeep Cherokee and disabling it while driving down the highway. You can read about this hack here. This is stunt hacking. That is,...
The boundary between right and wrong resists permanence in cyber-security. Hackers enjoy this ambiguity, as it makes the world of hacking exciting. In 1995, when I discovered SQL injection, I went on a website hacking spree for a few weeks. I would show off to my...
Attackers exploit weakness. This age-old concept applies to castles and battleships just as it does to applications and networks. The more vulnerabilities a network has, the easier it is to attack and compromise. Nearly all of the recent high-profile attacks...
The Shellshock (or Bash) bug is the latest serious bug to hit the scene. So what do you need to know about this bug? Anitian has a quick summary. What is Shellshock? It is a very serious bug in Bash, a ubiquitous command shell for Unix and Linux systems. When...