Channel: Open Security Research
Browsing all 107 articles

Bypassing CAPTCHAs by Impersonating CAPTCHA Providers

By Gursev Kalra. CAPTCHA service providers validate millions of CAPTCHAs each day and protect thousands of websites against the bots. A secure CAPTCHA generation and validation ecosystem forms the...

Manually Exploiting HP Data Protector

By Tony Lee, Amit Bagree, and Paul Haas. Occasionally, you may find yourself in a spot where there are vulnerability checks for an issue, however there are no available exploits. In some cases you may...

Basic Steps to Protect Firefox and Your Browsing Experience (How not to be a...

By Jerry Pierce. If you are like 99% of the population you graciously allow Microsoft to update your operating system software on a regular basis and you probably (hopefully!!) have an Anti-Virus...

Manually Exploiting Tomcat Manager

By Tony Lee. Apache Tomcat is a very popular open source implementation for handling JavaServer Pages. However, Apache Tomcat is often deployed with default or weak credentials protecting the web...

Getting Started With LORCON

By Brad Antoniewicz. Loss Of Radio CONnectivity (LORCON) is an IEEE 802.11 packet injection library. It was originally created by Joshua Wright and Michael Kershaw ("dragorn") - I think Johnny Cache...

Simple Cross Site Scripting Vector That Webkit XSS Auditor Ignores

By Tushar Dalvi. Google Chrome has a lesser known feature named “XSSAuditor” that was added to help mitigate reflective XSS. It's contained as a part of the Webkit and works very similarly to NoScript...

Carving BUPs By Hand

By Tony Lee. We released a couple of tools aimed at reversing a McAfee Quarantined BUP file in the previous article titled: UnBup – McAfee BUP Extractor for Linux. However, we recently ran into a...

Hacking USB Webkeys

By Brad Antoniewicz. USB Webkeys (also known as my:keys, Intelligent Web Keys, iKeys, Internet Keys, SQUIBkeys, BuzzCards, and Bonpals) are marketing tools that you’ll commonly come across at trade...

Remediation Help: Microsoft Windows Remote Desktop Protocol Server...

By Tony Lee. If your organization has had a vulnerability scan recently, you have probably run across a "Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness" (or similar)...

OMFW and OSDFC Recap

By Glenn P. Edwards Jr. Recently I had the pleasure to attend both the Open Memory Forensics Workshop (OMFW) and Open Source Digital Forensics Conference (OSDFC). While some of you reading this may have...

Pentest Scripts: Verifying NTP Reserved Mode Denial of Service

By Gursev Singh Kalra. I recently needed to check an NTP Reserved Mode Denial of Service vulnerability CVE-2009-3563, but without causing the DoS condition on the production server. The issue comes up...

Hacking KeyLoggers

By Mike Spohn and Brad Antoniewicz. Our forensics investigations often result in us having to identify odd devices left over by attackers. So when we recently had to investigate a suspicious USB device...

Comcast and DOCSIS 3.0 - Worth the upgrade?

By Tony Lee. There doesn't seem to be a whole lot of useful information about Comcast's DOCSIS v3.0 upgrade available on the web, so I figured I would post my findings. About a month back I received a...

for loops! Bash One-liners to Validate Vulnerabilities on Multiple Hosts

By Amit Bagree. This is a quick blog post on one-liners. Recently I was working on manually validating vulnerabilities for a customer with a very large Internet presence. There were a lot of findings -...

Hacking Through Language Barriers

By Tony Lee and Chris Lee. When assessing a global corporation's external network, a security consultant may not immediately realize geographically where in the world they may end up. We are often...

Dumping iClass Keys

By Brad Antoniewicz. iClass, arguably the second most widely deployed technology in proximity card access systems (the first being the ProxCard II), is a proprietary RFID communications standard and...

Solder Time! FaceDancer11 and GoodFET41 Assembly

By Brad Antoniewicz and Tushar Dalvi. At Recon 2012 Travis Goodspeed and Sergey Bratus released the Facedancer, an extremely flexible piece of hardware for emulating and tinkering with USB devices....

WAPT Workaround: Following Redirects without Downloading Content

By Tony Lee and Amit Bagree. We get some very unique requests from time to time—such as: “Please walk the site with sequential file IDs in order to gather file type statistics. Oh yeah, do this from...

Testing Your Defenses - Beaconing

By Tony Lee. You have invested time, effort, and money in defenses. But, how do you know they are working? Unless you are willing to intentionally get owned or you want to introduce a piece of malware...

Hacking the Wiegand Serial Protocol

By Brad Antoniewicz. "Wiegand" is used to describe a number of different things used within access control systems such as the format in which data is stored on a card, the protocol which is used to...
