Our Blog

Obtaining shells via Logitech Unifying Dongles

Reading time: ~11 min
Posted by Rogan Dawes on 02 December 2019
Categories: Internal, Radio, Real-world, Redteam, Rf, Shells, Usb
In this post, I will recap some of the security research conducted on wireless keyboards and mice, and eventually show...

USaBUSe Linux updates

Reading time: ~6 min
Posted by Rogan Dawes on 10 March 2017
Categories: Abuse, Backdoor, Build-it, Conferences, Empire, Exploit, Hardware, Internals, Linux, Metasploit, Programming, Real-world, Research, Shells, Tunnelling
(If you’re new to this project, read the intro first) For the past few months, I’ve been working on porting...

Revisting XXE and abusing protocols

Reading time: ~9 min
Posted by etienne on 28 January 2014
Categories: Real-world, Webapps, Xml
Recently a security researcher reported a bug in Facebook that could potentially allow Remote Code Execution (RCE). His writeup of...

Dangers of Custom ASP.NET HttpHandlers

Reading time: ~2 min
Posted by behrang on 13 December 2012
Categories: Real-world, Reversing
ASP.NET HttpHandlers are interesting components of a .NET web application when performing security assessments, mainly due to the fact they...

House of Cards

Reading time: ~4 min
Posted by daniel on 07 July 2011
Categories: Real-world
In light of recent mass hacks (HBGary, Sony, Nintendo,  etc) one would have thought that collectively, companies would take notice...

Analysis of a UDP worm

Reading time: ~4 min
Posted by behrang on 25 October 2010
Categories: Real-world, Research, Reversing
Introduction From time to time I like to delve into malware analysis as a pastime and post interesting examples, and...

‘Scraping’ our time servers

Reading time: ~5 min
Posted by gert on 31 March 2010
Categories: Local, Real-world
The intertubes have been humming lately around a certain NTP feature to gather lists of NTP servers’ clients and it...

Virtualization as an answer to backward compatability?

Reading time: Less than a minute
Posted by Haroon Meer on 25 April 2009
Categories: Real-world
Part of the problem Microsoft bumped into with Vista, was hordes of people who had grown too attached to XP.....

Vanilla SQL Injection is oh-so-90’s…wait…is it? (Jackin the K)

Reading time: ~1 min
Posted by nick on 08 February 2009
Categories: Real-world, Webapps
aka.. Someone put the hurtski on Kaspersky.. The Twitters (via XSSniper and others) and the Interwebs were ablaze with news on...

Turn of the century deja vu?

Reading time: ~3 min
Posted by nick on 01 February 2009
Categories: Real-world, Security-news, Vulnerability management
The recent widespread carnage caused by the Conficker worm is astounding, but is also comforting, in a strange way. It...

“Hooker” approach to break-in!

Reading time: Less than a minute
Posted by behrang on 06 January 2009
Categories: Fun, Real-world
Interesting post on cost/benefit analysis of  hacker and hooker attacks…. behrang

Sarah Palin, a yahoo email account, and something more shocking…

Reading time: Less than a minute
Posted by Haroon Meer on 18 September 2008
Categories: Infosec-soapies, Mindless-politics, Real-world
By now everyone knows that John McCain’s running mate Sarah Palin had her yahoo email account hacked. I guess a...

Enter Google Chrome…

Reading time: ~1 min
Posted by Haroon Meer on 02 September 2008
Categories: Real-world, Tools
Google have thrown their hat in the browser-ring, which many have predicted. [Chrome]  should be coming soon to downloads near...

rethinking ye old truths

Reading time: ~1 min
Posted by marco on 13 June 2008
Categories: Real-world, Security-fyi, Security-news
since forever, i’ve been told (and told others) that the greatest threat is from the inside. turns out, not so...

Mind Control, Big Cats, Feynman && kiosks…

Reading time: ~4 min
Posted by Haroon Meer on 29 October 2007
Categories: Fun, Mac, Real-world
Aka… A good weekend.. The weekend got off to a slow start, when Amazon claimed it would take a little...

Alas.. i could have made squillions (aka – Amazon MTURK)

Reading time: ~1 min
Posted by Haroon Meer on 12 September 2007
Categories: Fun, Real-world, Research, Tools
In early 2002 i suggested that we could solve some computer problems and south africas street-kid problem by setting up...

On vulnerability, root cause, white-listing and compliance

Reading time: ~4 min
Posted by Charl van der Walt on 01 July 2007
Categories: Real-world
Many years ago, when we first released ‘Setiri’ one of the controls that we preached was website white-listing. As talk-back...

More Pentagon data leakage through Office files..

Reading time: Less than a minute
Posted by Haroon Meer on 10 June 2007
Categories: Real-world
R J Hillhouse (who has a fascinating background) found that when she double clicked a graph on a slide deck...

Hotel Hacking

Reading time: Less than a minute
Posted by Charl van der Walt on 05 June 2007
Categories: Real-world
Check out http://hongkong.langhamplacehotels.com/accom/technology.htm in Hong Kong. They provide Cisco IP phones in the rooms, but with a difference. According to...

Second Life land grab case moves into U.S federal courts..

Reading time: ~1 min
Posted by Haroon Meer on 04 June 2007
Categories: Real-world
Ars Technica is reporting on the law suit filed in 2006 by Martin Bragg who accused Linden labs of wrongfully...