Young hacker smiling
The Treacherous POODLE

The Treacherous POODLE

How does the SSL fallback's works
Quill icon Daniel Yepes   Folder icon attacks   Tag icon ssl,  flaw,  cbc

A gas vendor, each week receives gas, which he stores in pipes and discretely refills them with water. Each day sells this gas to his clients, unbeknown to an "auditor" in black robes - aka Poodle - paying attention to this situation. One day the "auditor" undercover, tells the vendor he will …

Release the beast

Release the BEAST!

Understanding the BEAST
Quill icon Daniel Yepes   Folder icon attacks   Tag icon tls,  cbc,  vulnerability

The Browser Exploit Attack on SSL/TLS (B.E.A.S.T), - bet you thougth it was a rampage hack that launched nukes - it is a practical attack demonstrated by Thai Duong and Julian Rizzo at ekoparty in 2011. That was the lamest introduction ever, it’s not because the …

heartbleed official logo

My heart bleeds (but not for you)

Understanding the flaw behind Heartbleed
Quill icon Daniel Yepes   Folder icon attacks   Tag icon vulnerability,  bug,  openssl

Back in April 2014, one of the biggest vulnerabilities in recent history was found, HeartBleed. The popular open source cryptographic software library OpenSSL, had a critical flaw, [1] in the implementation of a extension on the Transport Layer Security (TLS) protocol. The wide use of OpenSSL on several services such …

Python proofreading a document

Pars orationis non est secura

Using parser combinators to detect flaws
Quill icon Rafael Ballestas   Folder icon attacks   Tag icon detect,  injection,  scanner

We like bWAPP around here, because it’s very buggy!. We have shown here how to find and exploit vulnerabilities like SQL injection, directory traversal, XPath injection, and UNIX command injection. All of these have one thing in common, namely: they could have been prevented with a little Input Validation …

Pickled cucumbers

Gherkin on steroids

How to document detailed attack vectors
Quill icon Rafael Ballestas   Folder icon documentation   Tag icon documentation,  vector,  software

In the field of information security and ethical hacking, finding all vulnerabilities is as important as reporting them as soon as possible. For that, we need an effective means to communicate with all stakeholders. We have proposed before using the bussiness-readable, domain-specific language Gherkin. In that...

Weak bicycle lock with words

Requiem for a p455w0rD

Why passphrases are better than passwords
Quill icon Rafael Ballestas   Folder icon identity   Tag icon password,  credential,  security

What would you rather have at your home door: a simple, weak key that needs to be changed every other week, or a one-time-setup, state-of-the-art, virtually unpickable cruciform key? Figure 1. Lock key comparison via Locksmith Ledger. That’s just the difference between rotating short passwords vs having one good …

Pythia and supplicant in the Oracle of Delphi

The Oracle of Code

About code as data
Quill icon Rafael Ballestas   Folder icon attacks   Tag icon testing,  application,  detect

“Most programs are too large to understand in complete detail”. This was written in the 80’s.[1] Imagine the situation today. Hence the need for automated tools to aid in the process of analyzing code. The solution, according to Oege de Moor from Semmle, is obvious: treat code as …

O'Reilly XML book cover

XML: eXploitable Markup Language

XPath injection on XML files
Quill icon Rafael Ballestas   Folder icon attacks   Tag icon xml,  xpath,  injection

Markup languages are “systems for annotating a document in a way that is syntactically distinguishable from the text.” [1] What does that really mean? I reckon that’d be better understood with examples. But before, a warning: if you use them for sensitive information storage, you should be really careful …

Orion carrying Cedalion

Stand on the shoulders of giants

About software composition analysis
Quill icon Rafael Ballestas   Folder icon attacks   Tag icon testing,  dependency,  vulnerability

In our last post, we reproduced the discovery of a vulnerability in libpng. But that is only a small library, you might say, with a very limited scope and only 556 KiB installed. However, many, many packages depend on it. To see how many packages in the Arch Linux repository …

Person playing chess against a robotic arm

Will machines replace us?

Automatic detection vs manual detection
Quill icon Andres Cuberos   Folder icon philosophy   Tag icon application,  detect,  vulnerability,  scanner

More than 20 years have passed since Garry Kasparov, the chess world champion, was defeated by Deep Blue, the supercomputer designed by IBM. For many people, that event was proof that machines had managed to exceed human intelligence [1]. This believe raised many doubts and concerns regarding technological advance, that …

Infinite Monkey Theorem

The infinite monkey fuzzer

Fuzz testing using American Fuzzy Lop
Quill icon Rafael Ballestas   Folder icon attacks   Tag icon fuzzing,  application,  testing

In our last entry, we argued that fuzzing is both “dumb” and surprising. In this article, we’ll continue exploring the possibilities of fuzzing. This time though, we’ll focus on desktop application fuzzing, specifically UNIX applications written in C. When developing in C, you usually have to handle memory …

Fuzzy caterpillar

Fuzzy bugs online

Fuzz techniques for testing web applications
Quill icon Rafael Ballestas   Folder icon attacks   Tag icon sql,  fuzzing,  injection

Web fuzzing is an automated, computerized technique to find bugs and vulnerabilities within a computer system. If you think protecting your site is a matter of simply blocking the most common types of malicious requests, think again. Read on. Injecting SQL into a vulnerable site A fairly common situation is …

Page 1 of 3

Service status - Terms of Use