Exploiting a SAML Implementation During a recent web application test, I discovered a bug in a Security Assertion Markup Language (SAML) implementation. This bug involved an insecure implementation of a SAML feature combined with a custom authentication mechanism our...
Welcome to Part 2 of this 2-part blog series looking at the details of exploring and validating an exploit! If you liked this series, I bet you’d be interested in our webinar on How to Think Like A Hacker, check it out! Now on to Part 2: Taking it to the Next...
A Study in Exploit Development: Easychat SEH exploit A typical penetration test involves automated scanning to identify vulnerabilities, followed by a more manual testing process where the tester attempts to validate and exploit those vulnerabilities. Many times, we...
Every now and then, an regular penetration test project can take a decidedly irregular detour into the land of zero-day exploits. In October 2017, I discovered a zero-day vulnerability in Ulterius, a widely used, open-source remote access software. Come along. I have...
Every now and then, an regular penetration test project can take a decidedly irregular detour into the land of zero-day exploits. In October 2017, I discovered a zero-day vulnerability in Ulterius, a widely used, open-source remote access software. Come along. I have...
