Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext (BREACH)
Published: 21 October 2022 Last Updated: 03 November 2022
Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext (BREACH) is a vulnerability similar in nature to CRIME, but where CRIME affected TLS/SPDY compression, BREACH affects HTTP compression. Where an application supports HTTP compression, reflects user input within response bodies, and includes confidential information in that body, such as a CSRF token, it may be affected by BREACH. This attack was demonstrated as practical in 2013.
Continue Reading
Return of Bleichenbacher’s Oracle Threat (ROBOT)
Published: 21 October 2022 Last Updated: 03 November 2022
Return of Bleichenbacher’s Oracle Threat (ROBOT) is a padding oracle vulnerability that allows an attacker to illegitimately perform RSA decryption and signing operations with the private key of a TLS server. The attack would allow an attacker to intercept communications and later decrypt them.
Continue Reading
TLS/SSL Vulnerabilities
Published: 21 October 2022 Last Updated: 03 November 2022
Look, there's a whole bunch of vulnerabilities in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) and it can be difficult to keep up with them all, even if they have fancy names and logos! So here's a quick summary of each for you.
Continue Reading
Decrypting RSA with Obsolete and Weakened Encryption (DROWN)
Published: 21 October 2022 Last Updated: 03 November 2022
Decrypting RSA with Obsolete and Weakened Encryption (DROWN) is a vulnerability in servers that support Secure Sockets Layer (SSL) version 2.0. It is a form of cross-platform Bleichenbacher padding oracle attack and would allow an attacker that is able to perform an interception attack to decrypt intercepted TLS connections by making specially crafted connections to an SSLv2 server that uses the same private key.
Continue Reading
Compression Ratio Info-leak Made Easy (CRIME)
Published: 21 October 2022 Last Updated: 03 November 2022
Compression Ratio Info-leak Made Easy (CRIME) is a vulnerability in the compression used in Secure Sockets Layer (SSL) and Transport Layer Security (TLS). It also affects Google’s HTTP-like protocol SPDY. It requires an attacker to perform an interception attack but, if successful, could allow for the decryption of session tokens and other sensitive cookie values. The attack was demonstrated as practical in 2012.
Continue Reading
Browser Exploit Against SSL/TLS (BEAST)
Published: 21 October 2022 Last Updated: 03 November 2022
BEAST is an attack that exploits several weaknesses within Transport Layer Security (TLS) 1.0 and older SSL protocols when using a CBC-mode cipher. The flaw is not strictly within the Transport Layer Security protocol itself, but is instead a known issue with Cipher Block Chaining (CBC).
Continue Reading
Your Vulnerability Management Sucks
Published: 16 March 2022 Last Updated: 03 November 2022
On March 16th I had the pleasure of speaking at the Yorkshire Cyber Security Cluster about Vulnerability Management. I've included my slides from the presentation and some speaker notes on the content covered here.
Continue Reading
HTTP Security Headers: Cache-Control
Published: 21 February 2022 Last Updated: 03 November 2022
The Cache-Control HTTP server response header specifies whether the server response can be cached by the web browser and any interim devices such as web proxies. Generally, if the content of the page includes confidential information, then it should not be cached: if confidential information is cached on a user's device, and that device is a public device or is shared with other users, then the information may be compromised by another user with access to the device.
Continue Reading
HTTP Security Headers: X-Frame-Options
Published: 21 February 2022 Last Updated: 03 November 2022
The X-Frame-Options header can be used to specify whether a web browser should be allowed to render the target page in a frame (such as a frame, iframe, embed, or an object tag). This can be used to prevent attacks such as ClickJacking.
Continue Reading
[Webinar] Your Security Testing Sucks
Published: 10 February 2022 Last Updated: 03 November 2022
Akimbo hosted a Webinar to cover hints and tips about how to implement effective penetration testing. We're sharing the recording for those that couldn't make it on the day!
Continue Reading
[Webinar] What Has Awareness Ever Given Us?
Published: 17 January 2022 Last Updated: 03 November 2022
Akimbo joined Ian Murphy from CyberOff for a Webinar to cover hints and tips about how to implement effective security awareness. We're sharing the recording for those that couldn't make it on the day!
Continue Reading
[Webinar] Your System Hardening Sucks
Published: 17 December 2021 Last Updated: 03 November 2022
Akimbo hosted a Webinar to cover hints and tips about how to implement effective system hardening. We're sharing the recording for those that couldn't make it on the day!
Continue Reading
[Webinar] Your Security Awareness Training Sucks
Published: 13 December 2021 Last Updated: 03 November 2022
Akimbo hosted a Webinar to cover hints and tips about running more effective Security Awareness Training. We're sharing the recording for those that couldn't make it on the day!
Continue Reading
The OWASP Top 10
Published: 03 December 2021 Last Updated: 03 November 2022
The "OWASP Top 10" is an awareness document that is updated roughly every three years and covers ten significant categories of vulnerabilities that organisations should be concerned about. The vulnerability categories are ordered based on a combination of potential impact, exploitability, and prevalence. The latest version was released in September 2021.
Continue Reading
ScotSoft: Building and Breaking Web Applications
Published: 11 October 2021 Last Updated: 03 November 2022
On October 7th I had the pleasure of speaking at ScotSoft 2021 about Penetration Testing and breaking Web Applications. I've included my slides from the presentation and some speaker notes on the content covered here.
Continue Reading