InfoSec

Home/InfoSec

Shells in Your Serial – Exploiting Java Deserialization on JBoss

Shells in Your Serial - Exploiting Java Deserialization on JBoss Background I read a fantastic write-up by Stephen Breen of FoxGlove Security earlier this month describing a vulnerability, present in several common Java libraries, related to the deserialization of user input. His post goes fairly in depth into how the vulnerability works, so [...]

By |2019-02-05T12:17:46+00:00November 18th, 2015|Categories: InfoSec|9 Comments

Practical Guide to exploiting the unquoted service path vulnerability in Windows

Practical Guide to exploiting the unquoted service path vulnerability in Windows What is the unquoted service path vulnerability in Windows? When a service in Windows is started, Windows has to try to find it. Usually, this is an easy task because the path is well-defined and contained in quotation marks. Like this example [...]

By |2019-02-05T12:17:46+00:00September 10th, 2015|Categories: InfoSec|3 Comments

Exploiting .NET Padding Oracle Attack MS10-070 (CVE-2010-3332) and Bypassing Microsoft’s Workaround

Exploiting .NET Padding Oracle Attack MS10-070 (CVE-2010-3332) and Bypassing Microsoft's Workaround This post was originally writen in October of 2010, and has been lightly updated in 2015. This week I ran into my first ASP.NET site since MS10-070.  I had read Bryan Holyfield and Giorgio Fedon's posts, which were great posts with groundbreaking information, although it was [...]

By |2019-02-05T12:17:46+00:00April 20th, 2015|Categories: InfoSec|0 Comments

Browser URL Encoding Decoding and XSS

Browser URL Encoding Decoding and XSS This article was originally written in early 2010, and has been lightly updated in 2015. Cross-site scripting attacks can be difficult to reproduce because of browser issues.  This problem is exacerbated by the fact that there is very little information regarding URL encoding and decoding.  Hopefully this will help [...]

By |2019-02-05T12:17:46+00:00April 20th, 2015|Categories: InfoSec|0 Comments

TrustFoundry at TriKC 0x01

TrustFoundry at TriKC 0x01 On November 12th, TrustFoundry will be competing at TriKC 0x01 in Overland Park, KS.  Come see Matt South present on finding vulnerabilities using grey-box PHP analysis, and Alex Lauerman present on using software defined radio to find weaknesses in proprietary communication protocols.  More info and registration can be found at http://trikc.seckc.org.   [...]

By |2019-02-05T12:17:46+00:00November 9th, 2014|Categories: InfoSec|0 Comments

Building a Presentation Recording Setup

Building a Presentation Recording Setup After seeing countless great presentations at SecKC, it was clear that a recording setup was needed to capture the wonderful content so it could be leveraged by others. I wanted to quickly document what we are using to record, in case it is helpful for others trying to record and distribute knowledge. [...]

By |2019-02-05T12:17:46+00:00June 17th, 2014|Categories: InfoSec|2 Comments

Is Security Worth it?

Is Security Worth it? I have had a passion to determine the real impact that security has on business.  After performing detailed quantitative analysis and modeling on a limited data set, we have determined the point at which breach impact is maximized.  This research and analysis and a review of previous research will be discussed on May 13th at Secure [...]

By |2019-02-05T12:17:46+00:00April 21st, 2014|Categories: InfoSec|0 Comments