Article Archive

In this paper we will discuss HTTP Response Splitting and how the attack can actually be carried out. When we're clear about how it works, because it is an...

This tutorial will cover the process of writing a buffer overflow exploit for a known vulnerability in the Vulnserver application. This is the fifth article...

Security professionals have all heard, read, and in some instances, directly felt the impact of insecure or vulnerable applications. Whether they originate...

Synopsis: Public Key Infrastructure (PKI) has recently been the focus of several important discussions within the information security community due to high...

Once you have control over a target and go into the post-exploitation phase, you start thinking on how to keep future access and most importantly how...

Incident management (IM) is a necessary part of a security program. When effective, it mitigates business impact, identifies weaknesses in controls, and helps...

This article talks about novel security vulnerabilities of IPv6 tunnels – an important type of migration mechanisms from IPv4 to IPv6 implemented by all major...

Lets pick up where we left off with the rootkit and post-exploitation video (https://www.youtube.com/watch?v=izv1b-BTQFw). Except, we are now doing incident...

In the previous article, we discussed forming a SOAP request based off the operations listed in a WSDL file and automating this task with Buby and Burp Suite....

I often receive testing related questions from AppSec folks new to web services about the techniques used to discover and attack them. Often, web services are...