Application security | October 12, 2011 | Arvind Doraiswamy
HTTP response splitting attack
In this paper we will discuss HTTP Response Splitting and how the attack can actually be carried out. When we're clear about how it works, because it is an...

Hacking | October 10, 2011 | Stephen Bradshaw
Egghunter Exploitation Tutorial
This tutorial will cover the process of writing a buffer overflow exploit for a known vulnerability in the Vulnserver application. This is the fifth article...

Application security | August 5, 2011 | Mark Wireman
Application Security, Deconstructed and Demystified
Security professionals have all heard, read, and in some instances, directly felt the impact of insecure or vulnerable applications. Whether they originate...

General security | August 5, 2011 | Walter Goulet
Understanding the Public Key Infrastructure behind SSL secured websites
Synopsis: Public Key Infrastructure (PKI) has recently been the focus of several important discussions within the information security community due to high...

Hacking | July 28, 2011 | Esteban Guillardoy
Staying undetected post-exploitation
Once you have control over a target and go into the post-exploitation phase, you start thinking about how to keep future access and most importantly how...

General security | July 28, 2011 | Tom Olzak
Five Steps to Incident Management in a Virtualized Environment
Incident management (IM) is a necessary part of a security program. When effective, it mitigates business impact, identifies weaknesses in controls, and helps...

Hacking | July 27, 2011 | Gabi Nakibly
Security Vulnerabilities of IPv6 Tunnels
This article talks about novel security vulnerabilities of IPv6 tunnels – an important type of migration mechanism from IPv4 to IPv6 implemented by all major...

Digital forensics | July 27, 2011 | Keatron Evans
Incident Response and Computer Forensics on Rootkits
Let's pick up where we left off with the rootkit and post-exploitation video (https://www.youtube.com/watch?v=izv1b-BTQFw). Except, we are now doing incident...

Application security | July 15, 2011 | Ken Johnson
Attacking web services Pt 2 – SOAP
In the previous article, we discussed forming a SOAP request based off the operations listed in a WSDL file and automating this task with Buby and Burp Suite....

Application security | July 15, 2011 | Ken Johnson
Attacking web services Pt 1 – SOAP
I often receive testing related questions from AppSec folks new to web services about the techniques used to discover and attack them. Often, web services are...