Our researchers not only find known types of vulnerabilities in our customers' products, but continually push the envelope of global security knowledge by inventing new attack methods, discovering new vulnerability classes and finding ways to exploit various peculiarities that were previously thought unexploitable. While most of our research is done directly for customers under non-disclosure terms, we occasionally manage to find time for our own research projects that can be published. You're welcome to browse our blog for more interesting bits of our research.

Research: Web Browser Security
Link: Google Chrome HTTPS Address Bar Spoofing
Abstract: The "Web Browser Security" research project is our ongoing internal research project in which we search for vulnerabilities in various web browsers that could help us with our penetration test service. In our realistic simulation of an "Advanced Persistent Threat" attack, we usually need to obtain control over one or more computers inside the target network, and vulnerabilities in web browsers are the most suitable means of completing this task.

Research: Banking Security
Links: Anatomy Of An Online Bank Robbery; Public posts about banking security
Abstract: The "Banking Security" research project is our ongoing research project made possible by our frequent security analyses of online and back-end banking systems. We are continually finding new ways to exploit the business logic of banking applications, especially in the new banking products that regularly emerge on the market. As a by-product of this research, we maintain a procedure for the comprehensive security review of various banking systems, making sure that none of the known or less well-known vulnerabilities have been left in the code or in the configuration.

Research: File Planting
Links: Binary Planting Goes "Any File Type"; Google Chrome pkcs11.txt File Planting
Abstract: The "File Planting" research project emerged as a spin-off from the "Binary Planting" project when our researchers noticed that not only libraries and executables, but also generic data or configuration files, are often loaded by applications from the current working directory. If such files are maliciously planted by attackers, they can instruct applications to do interesting things, for instance disable security mechanisms or execute remote code.

Research: Binary Planting
Site: Binary Planting - The Official Web Site
Abstract: The research was focused on various types of vulnerabilities where an attacker with low privileges can place (i.e., "plant") a malicious executable file (i.e., "binary") in some, possibly remote, location and get it launched by a vulnerable application running on the user's computer. We found that binary planting vulnerabilities affect a large percentage of Windows applications and often allow trivial exploitation. We identified ~520 remotely exploitable bugs in ~200 widely used Windows applications.

Research: Session Fixation
Paper: Session Fixation Vulnerability in Web-based Applications
Abstract: Many web-based applications employ some kind of session management to create a user-friendly environment. Sessions are stored on the server and associated with their respective users by session identifiers (IDs). Naturally, session IDs present an attractive target for attackers, who, by obtaining them, effectively hijack users' identities. Knowing this, web servers employ techniques for protecting session IDs from three classes of attacks: interception, prediction and brute-force attacks. This paper reveals a fourth class of attacks against session IDs: session fixation attacks. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards. There are many ways for the attacker to perform a session fixation attack, depending on the session ID transport mechanism (URL arguments, hidden form fields, cookies) and the vulnerabilities available in the target system or its immediate environment. The paper provides detailed information about exploiting vulnerable systems as well as recommendations for protecting them against session fixation attacks.