HOW SAFE IS YOUR DATA?
// OUR SERVICES
Assess
Build
Teach
// LATEST NEWS
Taking Local File Disclosure to the Next Level
I recently discovered a path traversal vulnerability on a bash script exposed through the cgi-bin directory on an Apache server. Using the vulnerability, I was able to read arbitrary files on the remote system (as long as the access controls of the Apache user allowed...
Deserialisation Vulnerabilities
Seemingly one of the most overlooked security vulnerabilities in the web applications that we test is the deserialization of untrusted data. I say overlooked because awareness of this issue seems to be comparatively low among web developers. Contrast that with the...
Everything you run is SYSTEM
If you're ever running any programs on an account with administrative privileges, it might be tempting to think "It's alright; at least if this account is compromised, the attacker won't be able to obtain NT AUTHORITY\SYSTEM ("SYSTEM" for simplicity) level...