Young hacker smiling

Zero false positives

Expert intelligence + effective automation

heartbleed official logo

My heart bleeds (but not for you)

Understanding the flaw behind Heartbleed

Back in April 2014, one of the biggest vulnerabilities in recent history was found, HeartBleed. The popular open source cryptographic software library OpenSSL, had a critical flaw, [1] in the implementation of a extension on the Transport Layer Security (TLS) protocol. The wide use of OpenSSL on several services such …



Python proofreading a document

Pars orationis non est secura

Using parser combinators to detect flaws

We like bWAPP around here, because it’s very buggy!. We have shown here how to find and exploit vulnerabilities like SQL injection, directory traversal, XPath injection, and UNIX command injection. All of these have one thing in common, namely: they could have been prevented with a little Input Validation …



Pythia and supplicant in the Oracle of Delphi

The Oracle of Code

About code as data

“Most programs are too large to understand in complete detail”. This was written in the 80’s.[1] Imagine the situation today. Hence the need for automated tools to aid in the process of analyzing code. The solution, according to Oege de Moor from Semmle, is obvious: treat code as …



O'Reilly XML book cover

XML: eXploitable Markup Language

XPath injection on XML files

Markup languages are “systems for annotating a document in a way that is syntactically distinguishable from the text.” [1] What does that really mean? I reckon that’d be better understood with examples. But before, a warning: if you use them for sensitive information storage, you should be really careful …



Orion carrying Cedalion

Stand on the shoulders of giants

About software composition analysis

In our last post, we reproduced the discovery of a vulnerability in libpng. But that is only a small library, you might say, with a very limited scope and only 556 KiB installed. However, many, many packages depend on it. To see how many packages in the Arch Linux repository …



Infinite Monkey Theorem

The infinite monkey fuzzer

Fuzz testing using American Fuzzy Lop

In our last entry, we argued that fuzzing is both “dumb” and surprising. In this article, we’ll continue exploring the possibilities of fuzzing. This time though, we’ll focus on desktop application fuzzing, specifically UNIX applications written in C. When developing in C, you usually have to handle memory …



Fuzzy caterpillar

Fuzzy bugs online

Fuzz techniques for attacking web applications

Web fuzzing is an automated, computerized technique to find bugs and vulnerabilities within a computer system. If you think protecting your site is a matter of simply blocking the most common types of malicious requests, think again. Read on. Injecting SQL into a vulnerable site A fairly common situation is …



Blank CSV document icon

Is that CSV Secure?

Defining CSV injection vulnerabilities

Comma-Separated Values file (or CSV) is a type of file that stores tabular data, numbers and text in plain text. Each line of the file is a data record and each record consists of one or more fields separated by commas. CSV is a common data exchange format that is …



Doll using a magnifying glass while searching through a set of data

Symbolic execution for mortals

What is it and how it works

In 2003 the Defense Advanced Research Projects Agency, DARPA, announced the Cyber Grand Challenge, a two-year competition seeking to create automatic systems for vulnerability detection, exploitation, and patching in near real-time which brought quite a big and complex task to the table. With this task symbolic...



Yellow puzzle missing one piece, shown in red

Reversing for mortals

Solving Yoire crackme average challenge

It’s hard to really know where to start when you’re new to hacking. When I first started to get into the hacking world I came across something called Reverse Engineering, the art of de-constructing some product followed by a detailed analysis and revision of its composition and its …



Free wifi sign

Stupid neighbours using WEP

Solving Yashira WEP Security challenge

Wi-Fi security has not always been the best. The first attempt at securing Wi-Fi access points was termed Wired Equivalent Privacy (WEP). WEP is a security algorithm that was implemented on IEEE 802.11 wireless networks. The original 802.11 wireless standard was ratified in 1997 to include this enhancement …




Service status - Terms of Use