Strategic and Tactical Computer Security Services

Foundstone's posts

hostapd-wpe: Now with More Pwnage!
By Brad Antoniewicz. A major component of hacking IEEE 802.11 wireless networks is targeting the client's system. This is because of the trusting nature of wireless, and corporate systems can be tricky to configure correctly. But don't forget that the same ...

My Cousin VIMmy: A Journey Into the Power of VIM
By Melissa Augustine Goldsmith. I was cleaning up some YARA rules we have in the office. I am, if anything, a bit OCD about tabs and spacing. I came across this rule from the Contagio Exploit pack...
$a41 = { 7d 40 4e 55 05 54 51 4d 46 52 7e 73 3d ...

KLEE on Ubuntu 14.04 LTS 64Bit
By Brad Antoniewicz. It seems like all of the cool kids nowadays are into Symbolic Execution, especially for vulnerability research. It's probably all because of DARPA's Cyber Grand Challenge - a government-sponsored challenge to develop a system that au...

Writing Slack Space on Windows
By Diego Urquiza. I'm a Foundstone intern in the NYC office, and for a project I decided to write a tool to remove file slack space. In this post I'll introduce the methods I took in writing the tool, then provide the tool itself. Hope you enjoy it! About File Sl...

Approaches to Vulnerability Disclosure
By Brad Antoniewicz. The excitement of finding a vulnerability in a piece of commercial software can quickly shift to fear and regret when you disclose it to the vendor and find yourself in a conversation with a lawyer questioning your intentions. This is an...

Privilege escalation with AppScan
By Kunal Garg. Web application vulnerability scanners are a necessary evil when it comes to achieving a rough baseline or some minimum level of security. While they should never be used as the only testament of security for an application, they do provide a...

Dojo Toolkit and Risks with Third Party Libraries
By Deepak Choudhary. 3rd party libraries can become critical components of in-house developed applications; while the benefits of using them are huge, there are also some risks to consider. In this blog post we'll look at a common 3rd party component of many ...

Debugging Android Applications
By Naveen Rudrappa. Using a debugger to manipulate application variables at runtime can be a powerful technique to employ while penetration testing Android applications. Android applications can be unpacked, modified, re-assembled, and converted to gain acc...

Acquiring Linux Memory from a Server Far Far Away
By Dan Caban. In the past it was possible to acquire memory from Linux systems by directly imaging (with dd) pseudo-device files such as /dev/mem and /dev/kmem. In later kernels, this access was restricted and/or removed. To provide investigators and sys...

Multi-Staged/Multi-Form CSRF
By Deepak Choudhary. Exploiting a CSRF vulnerability that relies on a single request (GET/POST) is often a simple task, and tools like Burp make the effort even easier. However, exploitation can become much more difficult when multiple requests are needed to ex...