Published: 25 October 2022    Last Updated: 03 November 2022

Padding Oracle On Downgraded Legacy Encryption (POODLE) is an attack against SSLv3.0. It exploits two aspects of SSLv3.0. The first aspect involves an attacker performing an interception attack and modify network traffic between a client and server, downgrading the connection to SSLv3.0. The second aspect is a padding oracle issue with block ciphers in cipher-block chaining mode in SSLv3.0 which allows an attacker to decrypt small amounts of ciphertext within messages, such as session tokens and confidential cookie values.

Published: 21 October 2022    Last Updated: 05 July 2023

Factoring RSA Export Keys (FREAK) is an attack against “export ciphers suites” which are cipher suites that have intentionally limited security due to prior regulation within the United States. This regulation placed restrictions on the strength of encryption algorithms used in software for exportation. This attack was demonstrated in 2015 and can allow a threat actor who is able to perform an interception attack against HTTPS traffic to decrypt message contents.

Published: 21 October 2022    Last Updated: 03 November 2022

An attack against RC4 was demonstrated in 2015. This attack affects the use of RC4 in several protocols, including within Transport Layer Security (TLS) used by web browsers and web applications but also within WPA-TKIP used by wireless networks. This weakness in RC4 when applied to TLS can allow an attacker to decrypt a small amount of repeated content, such as a session token or other sensitive cookie values.

Published: 21 October 2022    Last Updated: 03 November 2022

Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext (BREACH) is a vulnerability similar in nature to CRIME, but where CRIME affected TLS/SPDY compression, BREACH affects HTTP compression. Where an application supports HTTP compression, reflects user-input within response bodies, and includes confidential information in that body – such as a CRSF token, it may be affected by BREACH. This attack was demonstrated as practical in 2013.

Published: 21 October 2022    Last Updated: 05 July 2023

Return of Bleichenbacher’s Oracle Threat (ROBOT) is a padding oracle vulnerability that allows a threat actor to illegitimately perform RSA decryption and signing operations with the private key of a TLS server. The attack would allow an attacker to intercept communications and later decrypt them.

Published: 21 October 2022    Last Updated: 03 November 2022

Look, there's a whole bunch of vulnerabilities in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) and it can be difficult to keep up with them all, even if they have fancy names and logos! So here's a quick summary of each for you.

Published: 21 October 2022    Last Updated: 05 July 2023

Decrypting RSA with Obsolete and Weakened Encryption (DROWN) is a vulnerability in servers that support Secure Sockets Layer (SSL) version 2.0. It is a form of cross-platform Bleichenbacher padding oracle attack and would allow a threat actor that is able to perform an interception attack to decrypt intercepted TLS connections by making specially crafted connections to an SSLv2 server that uses the same private key.

Published: 21 October 2022    Last Updated: 03 November 2022

Compression Ration Info-leak Made Easy (CRIME) is a vulnerability in the compression used in Secure Sockets Layer (SSL) and Transport Layer Security (TLS). It also affects Google’s HTTP-like protocol SPDY. It requires an attacker to perform an interception attack but if successful could allow for the decryption of session tokens and other sensitive cookie values. The attack was demonstrated as practical in 2012.

Published: 21 October 2022    Last Updated: 05 July 2023

BEAST is an attack that exploits several weaknesses within Transport Layer Security (TLS) 1.0 and older SSL protocols when using a CBC-mode cipher. The flaw is not strictly within the Transport Layer Security protocol itself, but is instead a known issue with Cipher Block Chaining (CBC).

Published: 16 March 2022    Last Updated: 03 July 2023

On March 16th I had the pleasure of speaking at the Yorkshire Cyber Security Cluster about Vulnerability Management. I've included my slides from the presentation and some speaker notes on the content covered here.

Published: 21 February 2022    Last Updated: 03 July 2023

The Cache-Control HTTP server response header specifies whether the server response can be cached by the web browser and any interim devices such as web proxies. Generally, if the content of the page includes confidential information, then it should not be cached, as if confidential information is cached on user's device, and that device is a public device, or shared with other users then the information may be compromised by another user with access to the device.

Published: 21 February 2022    Last Updated: 03 July 2023

The X-Frame-Options header can be used to specify whether a web browser should be allowed to render the target page in a frame (such as a frame, iframe, embed, or an object tag). This can be used to prevent attacks such as ClickJacking.

Published: 10 February 2022    Last Updated: 03 July 2023

Akimbo hosted a Webinar to cover hints and tips about how to implement effective penetration testing. We're sharing the recording for those that couldn't make it on the day!

Published: 17 January 2022    Last Updated: 03 July 2023

Akimbo joined Ian Murphy from CyberOff for a Webinar to cover hints and tips about how to implement effective security awareness. We're sharing the recording for those that couldn't make it on the day!

Published: 17 December 2021    Last Updated: 03 July 2023

Akimbo hosted a Webinar to cover hints and tips about how to implement effective system hardening. We're sharing the recording for those that couldn't make it on the day!