Tag: Security Vulnerabilities

Hacking an Aftermarket Remote Start System (Part 2)

Blog Post

Android Mobile Security

In part two of this series, we’ll dive deeper into the technical specifications of the CarLinkBT module. We’ll also discuss the dynamic analysis and testing performed to confirm our findings. Finally, we’ll walk through the process of developing an exploit for this vulnerability.

Read more

MiTM Attack Between Target Windows Machines and a DNS Server

Blog Post

Backdoor Attack

When performing this attack, we will find two different scenarios. #1: the attacker machine, the victim, and the DNS server are all in the same network segment. #2: the attacker machine is in the same network segment of the Windows victims and the DNS server is placed in another network segment.

Read more

Windows Userland Application Attack Surface Enumeration

Blog Post

Inside the domain of vulnerability research, many different methodologies exist for how a researcher may start their journey with auditing an application. This blog provides information on how to enumerate the attack surface of userland applications that are deployed on the Windows operating system.

Read more

libSSH Vulnerability: Do You Have to Worry?

Blog Post

Security Vulnerabilities

In October 2018, it was revealed that there existed an authentication bypass vulnerability in the libSSH library. This immediately gained attention of the InfoSec media, which started throwing around wild speculations about its scope and impact.

Read more

VerSprite Reacts: No Shortcuts in Cybersecurity

Blog Post

Following recent news reports of substantial data breaches, devastating leaks, and even savvy executives falling prey to phishing attacks, there is renewed interest in making sure that people are protected when they use their devices.

Read more

VerSprite Reacts: Managing Global Risks of Emerging AI Technology

Blog Post

Enterprise Data Security

Increasingly sophisticated artificial intelligence (AI) capabilities make headlines daily. AI also comes with a range of security vulnerabilities, some of which can exacerbate a company’s exposure not only to cybersecurity issues, but also geopolitical risk.

Read more

APT MiTM (Man-in-The-Middle) Package Injection

Blog Post

Security Vulnerabilities

A practical approach to perform a MiTM (Man-in-The-Middle) attack against a version of APT (Advanced Packet Tool) used until recently by Debian 7 (which just reached its EOL in May 2018).

Read more

Hacking an Aftermarket Remote Start System (Part 1)

Blog Post

Security Vulnerabilities

The trend of automotive security research began in the 2010s and has resulted in the discovery of several critical security issues within modern vehicles. Hackers have repeatedly demonstrated their ability to remotely track, steal, and control a variety of unaltered vehicles.

Read more

Secure Development of Payment Applications

Video

PCI DSS Compliance

In this presentation, we share our Point-of-Sale security research which has revealed a multitude of concerns regarding the secure development of payment applications.

Read more

XML EXTERNAL ENTITY (XXE) Processing

Blog Post

Security Vulnerabilities

According to the 2017 OWASP Top 10, XML External Entity (XXE) processing is has taken the number spot for critical web application security risks.

Read more

Unknown jQuery-File-Upload Vulnerability Used for Years

Blog Post

Larry Cashdollar, a Senior Security Response Engineer at Akamai, publicly disclosed the details of a vulnerability in the jQuery File Upload plugin (CVE-2018-9206).

Read more

Multiple Vulnerabilities in Mercury Browser for Android Version 2.2.2 & 3.0.0

Blog Post

Security Vulnerabilities

An insecure implementation of the intent URL scheme revolves around theIntent.parseUri() method. The first thing we did when reversing the Mercury Browser..

Read more

We are an international squad of professionals working as one.

Email

[email protected]

logos