Software security flaws

Software vulnerabilities, security threats and mitigation strategies

Sunday, October 5, 2014

Software flaw #7: Solution

Vulnerability: This week's vulnerability is an example of the OS command injection class of errors. The main cause of this vulnerability is comple...
Wednesday, October 1, 2014

Software flaw #7

Not much time left this week, so this time something really easy: a plain old CGI script written in Perl (one of the levels from http://www.exploit...
Monday, September 29, 2014

Software flaw #6: Solution

Vulnerability: The flaw covered this week is a classic example of a format string vulnerability. The problem is that the whole format string provid...
Monday, September 22, 2014

Software flaw #6

Vulnerable C code from one of the overthewire.org levels: #include <stdlib.h> int main(int argc, char **argv) { if(argc) exit(0); ...
Saturday, September 6, 2014

Software flaw #5: NUL byte off-by-one overwrite into the heap

The CVE-2014-5119 vulnerability in glibc was reported by Tavis Ormandy, a member of Google's Zero Project. Vulnerability: Vulnerable code li...
Wednesday, September 3, 2014

Monthly threat update #15: August

This month we have learnt about two interesting NSA/GCHQ capabilities: ORBs (Operational Relay Boxes) harvesting by 5-eyes and GCHQ catal...
Friday, August 15, 2014

Penetration testing with pick

This post illustrates the usage of libxploit and the accompanying pick tool, together with some lateral movement techniques during a penetration test. ...

About Me

mzet