We are pleased to announce that two of our security consultants, Graham Sutherland and Tim Brown, will be presenting at the upcoming BSides London security conference on the 29th of April.
BSides London is an annual community-driven security conference which, this year, will be taking place at the Kensington and Chelsea Town Hall in London.
Graham’s talk coincides with the disclosure of a set of vulnerabilities in the administration features of the Citrix NetScaler appliance, which will be discussed in the talk.
The Team has updated its SSL Good Practice Guide to incorporate the recent Heartbleed attack.
Some time ago I was on an internal infrastructure pentest job where I found a web server that hosted the TimeLive application. I had never heard of this application, and since I was looking at a login page, I opened a browser to my favourite search engine. The following is a brief explanation of things that I shouldn’t have found.
As previously mentioned in SSL: Light at the end of the tunnel, today is the day that our SSL recommendations officially change. From today onwards the Team recommend only TLS versions 1.1 and 1.2. Up until now the Team have accepted the need for SSLv3 and TLSv1 for compatibility reasons; however, the time has come to cut the cord. The loss of compatibility should only affect legacy systems. If these systems cannot be updated to support the newer protocols, then weak SSL is likely to be the least of your security concerns!
In this article, we will explore the various components that make up the VMware vSphere platform, and briefly touch on the most important of these from the perspective of the security professional.
This post describes how network eavesdroppers might record encrypted RDP sessions and at some later time (after a server compromise) be able to decrypt them. This could expose any data sent over the RDP connection including keystrokes, usernames and passwords.
Recently the technical team had a discussion about subversive attack vectors that could be utilised by social engineering attacks to provide a long-term remote connection to a network whilst remaining undetected.
This post seeks to demonstrate why users learning to ignore certificate warnings for SSL-based RDP connections could leave them open to “Man-In-The-Middle” attacks. The MiTM attack demonstrated displays keystrokes sent during an RDP session. We conclude with some advice on how to avoid being the victim of such an attack.
Alternate Data Streams (ADS) have been present in modern versions of Windows for a long time. If you are using an NTFS filesystem, you can bet that you are using them. As penetration testers, we can use that OS-specific feature to our advantage. The following posts will provide the information required to understand and identify potential ADS-related issues. This post provides the background needed to understand some common scenarios that could be useful during penetration testing engagements.
SQL Server has a number of components that allow clients to connect and communicate with it. Microsoft introduced the term “Surface Area Reduction” for a security measure that involves stopping or disabling unused components. As the name suggests, it reduces the number of ways that an attacker could try to interrogate the SQL Server.