Security_Guy

Privilege Escalation Vulnerabilities Found in Lenovo System Update

November 25, 2015December 17, 2015 by Cesar

Cesar

By Sofiane Talmat @_Sud0 Lenovo released a new version of the Lenovo System Update advisory (https://support.lenovo.com/ar/es/product_security/lsu_privilege) about two new privilege escalation vulnerabilities I had reported to Lenovo a couple of weeks ago (CVE-2015-8109, CVE-2015-8110). IOActive and Lenovo have issued advisories on these issues.

Continue Reading

Privilege Escalation Vulnerabilities Found in Lenovo System Update

November 25, 2015December 17, 2015 by Cesar

Cesar

By Sofiane Talmat @_Sud0 Lenovo released a new version of the Lenovo System Update advisory (https://support.lenovo.com/ar/es/product_security/lsu_privilege) about two new privilege escalation vulnerabilities I had reported to Lenovo a couple of weeks ago (CVE-2015-8109, CVE-2015-8110). IOActive and Lenovo have issued advisories on these issues.

Continue Reading

Analysis By Default

November 25, 2015 by The Official Radare Blog

The Official Radare Blog

Analysis By Default Many people that starts using radare2 complain about having a different workflow than other similar tools like IDA or Hopper. Probably the most annoying part for them is that it doesn’t run the analysis at startup. And this is the reason why I’m writing this blog post…

Continue Reading

Breaking into and Reverse Engineering iOS Photo Vaults

November 19, 2015December 17, 2015 by Cesar

Cesar

 By Michael Allen @_Dark_Knight_ Every so often we hear stories of people losing their mobile phones, often with sensitive photos on them. Additionally, people may lend their phones to friends only to have those friends start going through their photos. For whatever reason, a lot of people store risqué pictures…

Continue Reading

Breaking into and Reverse Engineering iOS Photo Vaults

November 19, 2015December 17, 2015 by Cesar

Cesar

 By Michael Allen @_Dark_Knight_ Every so often we hear stories of people losing their mobile phones, often with sensitive photos on them. Additionally, people may lend their phones to friends only to have those friends start going through their photos. For whatever reason, a lot of people store risqué pictures…

Continue Reading

On Web-Security and -Insecurity 2015-11-16 14:30:00

November 16, 2015November 16, 2015 by Christian Mainka

Christian Mainka

EsPReSSO - A good morning starts with coffee!In this posts I describe the tool, I wrote for my Bachelor thesis at the Chair for Network and Data Security, with support of Context Information Security Ltd.. EsPReSSO is a apronym for "Extension for Recognition and Processing of Single Sing on Protocols".…

Continue Reading

On Web-Security and -Insecurity 2015-11-16 14:30:00

November 16, 2015November 16, 2015 by Christian Mainka

Christian Mainka

EsPReSSO - A good morning starts with coffee!In this posts I describe the tool, I wrote for my Bachelor thesis at the Chair for Network and Data Security, with support of Context Information Security Ltd.. EsPReSSO is a apronym for "Extension for Recognition and Processing of Single Sing on Protocols".…

Continue Reading

SSH – A brief analysis of the internet

November 10, 2015 by BinaryEdge

BinaryEdge

SSH or Secure Shell For those of you that don't know, SSH is, in simple terms, an encrypted network protocol that allows network services to operate securely over an unsecured network. SSH provides a secure channel between a client and a server. Commonly used to manage remote machines and transfer…

Continue Reading

SSH – A brief analysis of the internet

November 10, 2015 by BinaryEdge

BinaryEdge

SSH or Secure Shell For those of you that don't know, SSH is, in simple terms, an encrypted network protocol that allows network services to operate securely over an unsecured network. SSH provides a secure channel between a client and a server. Commonly used to manage remote machines and transfer…

Continue Reading

Playing with Certificates (from a Researcher’s Perspective)

November 6, 2015August 2, 2018 by Juraj Somorovsky

Juraj Somorovsky

I often face a problem that I need to test several TLS servers. In order to make the tests consistent, I want to deploy the same keys and certificates on each server. However, this is not that easy, since there are several key formats and generation mechanisms. Deploying the same…

Continue Reading

Playing with Certificates (from a Researcher’s Perspective)

November 6, 2015September 1, 2016 by Juraj Somorovsky

Juraj Somorovsky

I often face a problem that I need to test several TLS servers. In order to make the tests consistent, I want to deploy the same keys and certificates on each server. However, this is not that easy, since there are several key formats and generation mechanisms. Deploying the same…

Continue Reading