Articles

There’s a lot of media articles out there covering CVE-2024-3094 and, as usual, a lot of them are hyped up and covered in annoying adverts. So, I wanted to put together a “short story” version of the situation. The very short story is that a threat actor managed to add ...

Habitually in our articles we use the term “Threat Actors” where you might expect us to use a term like “attacker” or “cybercriminal”. So why do we do that? In short, we find that threat actor is a more accurate term where something like “cybercriminal” may, in some cases, be ...

Introduction I recently wrote a quick start guide to hardening SSL/TLS configurations, to help people to better understand all the different aspects of securing their transport layer security configuration – however, during that article I skipped over a big section: SSL Certificates. In this article, we’ll focus on the certificates themselves and ...

Introduction Secure Sockets Layer (SSL) was a protocol designed to protect network traffic in transit, however it was superseded by Transport Layer Security (TLS) in 1999. These protocols are well-known for protecting web traffic with HTTPS. However, they can be used to protect lots of different kinds of traffic, for ...

A couple of years ago I wrote an article about hashcracking with Hashcat and AWS; but that was back on Ubuntu 16.04 and it involved manually compiling the packages. So I thought I’d best update it for Ubuntu 22.04 and why not use the Nvidia ubuntu repos to make things easier ...

Akimbo hosted a Webinar to cover hints and tips about running more effective Security Awareness Training. We’re sharing the recording for those that couldn’t make it on the day! If you’d like more information about any of the content covered, or if you’d like to discuss a training requirement then ...

Username enumeration within web applications is a solvable problem – but I often see web administrators either ignore the issue because they don’t think it’s significant enough to address, or they think it’s not possible to fully address it. So, let’s explore the difficulty here, and I’ll give some examples ...

What is Multifactor Authentication? An authentication factor is something that is supplied to verify an identity – the most common example of an authentication factor is a password, a secret word used to authenticate yourself for access to an account. Multi-factor authentication is the requirement to supply several factors during ...

After publishing yesterday’s article about how frequently you should get a penetration test, I inadvertently started a discussion on Twitter about another aspect of penetration testing delivery: Should you change providers, or you should stick with who you know? The argument I usually hear in favour of regularly changing security providers is that ...

With modern platforms such as WordPress, WooCommerce, Magento, and Shopify, it’s now easier than ever to create an online store. However, many online retailers are not cybersecurity experts and might not be sure where to get started with securing their site. The endless possibilities of e-commerce have saved lots of ...

The truth is, it’s very unlikely you’ll even get a strong answer from an organisation as to how frequently you should test. Even organisations like the NCSC, who offer guidance to UK businesses on how to stay secure, don’t give a direct answer to the question. However, they may comment ...

Choosing a PenTesting provider can be difficult, how do you know if they’re good at what they do and they’ll make working together easy? Perhaps you have a provider already, but they’ve not lived up to your expectations. Since choosing a testing provider is a critical part of your cybersecurity ...

Sweet32 describes a birthday attack on 64-bit block ciphers. This attack has been demonstrated against both 3DES and Blowfish, against both VPNs as well as HTTPS traffic. This attack allows an attacker who can perform an interception attack to decrypt small amounts of ciphertext, such as session tokens and other ...

Regular penetration testing (e.g. often annual) carried out be experienced professional testers can seem expensive – and in these times, when every penny counts, its easy to make the mistake of thinking that pen testing is poor value. However, the truth is that pen testing used as part of a comprehensive ...

Ok, we get it: everyone is under pressure to squeeze every penny of value from any company expenditure nowadays. No one has any slack in the budget, its always time to sweat the suppliers. So, how can you obtain the best value from your Penetration Testing spend? Here at Akimbo ...

Padding Oracle On Downgraded Legacy Encryption (POODLE) is an attack against SSLv3.0. It exploits two aspects of SSLv3.0. The first aspect involves an attacker performing an interception attack and modify network traffic between a client and server, downgrading the connection to SSLv3.0. The second aspect is a padding oracle issue ...

The use of Cipher Block Chaining (CBC) mode ciphers is “discouraged”. This term is used as these cipher suites have not been formally deprecated but have effectively been superseded. For example, later version of Transport Layer Security support more secure cipher mode options such as Galois/Counter Mode (GCM) ciphers. Additionally, ...

Lucky 13 is a padding oracle vulnerability against CBC-mode ciphers in TLS that utilises a timing side-channel. This issue is due to a flaw within the SSL/TLS specification and is not implementation specific, however implementations may be able to harden against exploitation of this issue and prevent exploitation by removing ...

BEAST is an attack that exploits several weaknesses within Transport Layer Security (TLS) 1.0 and older SSL protocols when using a CBC-mode cipher. The flaw is not strictly within the Transport Layer Security protocol itself, but is instead a known issue with Cipher Block Chaining (CBC). Although fixed in TLSv1.1. ...

Compression Ration Info-leak Made Easy (CRIME) is a vulnerability in the compression used in Secure Sockets Layer (SSL) and Transport Layer Security (TLS). It also affects Google’s HTTP-like protocol SPDY. It requires an attacker to perform an interception attack but if successful could allow for the decryption of session tokens ...

Decrypting RSA with Obsolete and Weakened Encryption (DROWN) is a vulnerability in servers that support Secure Sockets Layer (SSL) version 2.0. It is a form of cross-platform Bleichenbacher padding oracle attack and would allow a threat actor that is able to perform an interception attack to decrypt intercepted TLS connections by making ...

Look, there’s a whole bunch of vulnerabilities in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) and it can be difficult to keep up with them all, even if they have fancy names and logos! So here’s a quick summary of each for you:

Return of Bleichenbacher’s Oracle Threat (ROBOT) is a padding oracle vulnerability that allows a threat actor to illegitimately perform RSA decryption and signing operations with the private key of a TLS server. The attack would allow an attacker to intercept communications and later decrypt them. For devices that are affected by this ...

Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext (BREACH) is a vulnerability similar in nature to CRIME, but where CRIME affected TLS/SPDY compression, BREACH affects HTTP compression. Where an application supports HTTP compression, reflects user-input within response bodies, and includes confidential information in that body – such as a ...

An attack against RC4 was demonstrated in 2015. This attack affects the use of RC4 in several protocols, including within Transport Layer Security (TLS) used by web browsers and web applications but also within WPA-TKIP used by wireless networks. This weakness in RC4 when applied to TLS can allow an ...