Padding Oracle On Downgraded Legacy Encryption (POODLE)
Published: 25 October 2022 Last Updated: 03 November 2022
Padding Oracle On Downgraded Legacy Encryption (POODLE) is an attack against SSLv3.0. It exploits two aspects of SSLv3.0. The first aspect involves an attacker performing an interception attack and modifying network traffic between a client and server, downgrading the connection to SSLv3.0. The second aspect is a padding oracle issue with block ciphers in cipher-block chaining mode in SSLv3.0, which allows an attacker to decrypt small amounts of ciphertext within messages, such as session tokens and confidential cookie values.
Factoring RSA Export Keys (FREAK)
Published: 21 October 2022 Last Updated: 05 July 2023
Factoring RSA Export Keys (FREAK) is an attack against “export cipher suites”, which are cipher suites that have intentionally limited security due to prior regulation within the United States. This regulation placed restrictions on the strength of encryption algorithms used in software for exportation. This attack was demonstrated in 2015 and can allow a threat actor who is able to perform an interception attack against HTTPS traffic to decrypt message contents.
RC4 NOMORE
Published: 21 October 2022 Last Updated: 03 November 2022
An attack against RC4 was demonstrated in 2015. This attack affects the use of RC4 in several protocols, including within Transport Layer Security (TLS) used by web browsers and web applications but also within WPA-TKIP used by wireless networks. This weakness in RC4 when applied to TLS can allow an attacker to decrypt a small amount of repeated content, such as a session token or other sensitive cookie values.
Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext (BREACH)
Published: 21 October 2022 Last Updated: 03 November 2022
Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext (BREACH) is a vulnerability similar in nature to CRIME, but where CRIME affected TLS/SPDY compression, BREACH affects HTTP compression. Where an application supports HTTP compression, reflects user input within response bodies, and includes confidential information in that body, such as a CSRF token, it may be affected by BREACH. This attack was demonstrated as practical in 2013.
Return of Bleichenbacher’s Oracle Threat (ROBOT)
Published: 21 October 2022 Last Updated: 05 July 2023
Return of Bleichenbacher’s Oracle Threat (ROBOT) is a padding oracle vulnerability that allows a threat actor to illegitimately perform RSA decryption and signing operations with the private key of a TLS server. The attack would allow an attacker to intercept communications and later decrypt them.
TLS/SSL Vulnerabilities
Published: 21 October 2022 Last Updated: 03 November 2022
Look, there's a whole bunch of vulnerabilities in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) and it can be difficult to keep up with them all, even if they have fancy names and logos! So here's a quick summary of each for you.
Decrypting RSA with Obsolete and Weakened Encryption (DROWN)
Published: 21 October 2022 Last Updated: 05 July 2023
Decrypting RSA with Obsolete and Weakened Encryption (DROWN) is a vulnerability in servers that support Secure Sockets Layer (SSL) version 2.0. It is a form of cross-platform Bleichenbacher padding oracle attack and would allow a threat actor that is able to perform an interception attack to decrypt intercepted TLS connections by making specially crafted connections to an SSLv2 server that uses the same private key.
Compression Ratio Info-leak Made Easy (CRIME)
Published: 21 October 2022 Last Updated: 03 November 2022
Compression Ratio Info-leak Made Easy (CRIME) is a vulnerability in the compression used in Secure Sockets Layer (SSL) and Transport Layer Security (TLS). It also affects Google’s HTTP-like protocol SPDY. It requires an attacker to perform an interception attack, but if successful it could allow for the decryption of session tokens and other sensitive cookie values. The attack was demonstrated as practical in 2012.
Browser Exploit Against SSL/TLS (BEAST)
Published: 21 October 2022 Last Updated: 05 July 2023
BEAST is an attack that exploits several weaknesses within Transport Layer Security (TLS) 1.0 and older SSL protocols when using a CBC-mode cipher. The flaw is not strictly within the Transport Layer Security protocol itself, but is instead a known issue with Cipher Block Chaining (CBC).
Your Vulnerability Management Sucks
Published: 16 March 2022 Last Updated: 03 July 2023
On March 16th I had the pleasure of speaking at the Yorkshire Cyber Security Cluster about Vulnerability Management. I've included my slides from the presentation and some speaker notes on the content covered here.
HTTP Security Headers: Cache-Control
Published: 21 February 2022 Last Updated: 03 July 2023
The Cache-Control HTTP server response header specifies whether the server response can be cached by the web browser and any interim devices such as web proxies. Generally, if the content of the page includes confidential information, then it should not be cached: if confidential information is cached on a user's device, and that device is public or shared with other users, then the information may be compromised by another user with access to the device.
HTTP Security Headers: X-Frame-Options
Published: 21 February 2022 Last Updated: 03 July 2023
The X-Frame-Options header can be used to specify whether a web browser should be allowed to render the target page in a frame (such as a frame, iframe, embed, or object tag). This can be used to prevent attacks such as clickjacking.
[Webinar] Your Security Testing Sucks
Published: 10 February 2022 Last Updated: 03 July 2023
Akimbo hosted a Webinar to cover hints and tips about how to implement effective penetration testing. We're sharing the recording for those that couldn't make it on the day!
[Webinar] What Has Awareness Ever Given Us?
Published: 17 January 2022 Last Updated: 03 July 2023
Akimbo joined Ian Murphy from CyberOff for a Webinar to cover hints and tips about how to implement effective security awareness. We're sharing the recording for those that couldn't make it on the day!
[Webinar] Your System Hardening Sucks
Published: 17 December 2021 Last Updated: 03 July 2023
Akimbo hosted a Webinar to cover hints and tips about how to implement effective system hardening. We're sharing the recording for those that couldn't make it on the day!