Profile

Cover photo
65 followers|12,614 views
AboutPostsPhotosVideos

Stream

Foundstone

Shared publicly  - 
 
hostapd-wpe: Now with More Pwnage!
By Brad Antoniewicz . A major component of hacking IEEE 802.11 wireless networks is targeting the client's system. This is because of the trusting nature of wireless and corporate systems can be tricky to configure correctly. But don't forget that the same ...
1
1
Stewart Fey's profile photo
Add a comment...

Foundstone

Shared publicly  - 
 
KLEE on Ubuntu 14.04 LTS 64Bit
by Brad Antoniewicz . It seems like all of the cool kids nowadays are into Symbolic Execution , especially for vulnerability research . It's probably all because of DARPA's Cyber Grand Challenge - a government-sponsored challenge to develop a system that au...
1
Add a comment...

Foundstone

Shared publicly  - 
 
Approaches to Vulnerability Disclosure
By Brad Antoniewicz . The excitement of finding a vulnerability in piece of commercial software can quickly shift to fear and regret when you disclose it to the vendor and find yourself in a conversation with a lawyer questioning your intentions. This is an...
1
Add a comment...

Foundstone

Shared publicly  - 
 
Dojo Toolkit and Risks with Third Party Libraries
By Deepak Choudhary. 3rd party libraries can become critical components of in-house developed applications, while the benefits to using them is huge, there is also some risks to consider. In this blog post we'll look at a common 3rd party component of many ...
1
Add a comment...

Foundstone

Shared publicly  - 
 
Acquiring Linux Memory from a Server Far Far Away
By Dan Caban. In the past it was possible to acquire memory from linux systems by directly imaging (with dd ) psudo-device files such as /dev/mem and /dev/kmem . In later kernels, this access was restricted and/or removed. To provide investigators and sys...
2
Add a comment...

Foundstone

Shared publicly  - 
 
Recap of BYOD Risks
By Kunal Garg. Bring Your Own Device (BYOD) has been a hot topic over the last two years as organizations begin to permit employees to bring personally owned mobile devices (such as laptops, tablets, and smart phones) to their workplace, and let them use th...
1
Add a comment...
Have them in circles
65 people
Davide Gaieni's profile photo
William Chua's profile photo
Hash Include's profile photo
fidel uwaya's profile photo
Pat McCoy's profile photo
Shankar Raman's profile photo
Tom Yang's profile photo
Sheikh Islam's profile photo
Mildred Hill's profile photo

Foundstone

Shared publicly  - 
 
My Cousin VIMmy: A Journey Into the Power of VIM
By Melissa Augustine Goldsmith. I was cleaning up some YARA rules we have in the office. I am, if anything, a bit OCD about tabs and spacing. I came across this rule from Contagio Exploit pack... <snippet>
$a41 = { 7d 40 4e 55 05 54 51 4d 46 52 7e 73 3d ...
1
Add a comment...

Foundstone

Shared publicly  - 
 
Writing Slack Space on Windows
By Diego Urquiza. I’m a Foundstone intern in NYC office and for a project I decided to write a tool to remove file slack space. In this post I’ll introduce the methods I took in writing the tool then provide the tool itself. Hope you enjoy it! About File Sl...
1
Add a comment...

Foundstone

Shared publicly  - 
 
Privilege escalation with AppScan
By Kunal Garg. Web application vulnerability scanners are a necessary evil when it comes to achieving a rough baseline or some minimum level of security. While they should never be used as the only testament of security for an application, they do provide a...
By Kunal Garg. Web application vulnerability scanners are a necessary evil when it comes to achieving a rough baseline or some minimum level of security. While they should never be used as the only testament of security for a...
1
Add a comment...

Foundstone

Shared publicly  - 
 
Debugging Android Applications
By Naveen Rudrappa. Using a debugger to manipulate application variables at runtime can be a powerful technique to employ while penetration testing Android applications. Android applications can be unpacked, modified, re-assembled, and converted to gain acc...
1
Add a comment...

Foundstone

Shared publicly  - 
 
Multi-Staged/Multi-Form CSRF
By Deepak Choudhary. Exploiting a CSRF vulnerability that relies on a single request (GET/POST) is often a simple task, and tools like Burp make effort even easier. However, exploitation can become much more difficult when multiple requests are needed to ex...
1
Add a comment...

Foundstone

Shared publicly  - 
 
Heartbleed Recap and Testing
By Mateo Martinez and Melissa Augustine. CVE-2014-0160 also known as the " Heartbleed Bug ", is a serious vulnerability in OpenSSL , one of the most widely used cryptographic libraries. This bug has been present in OpenSSL since March 14, 2012 with the rele...
By Mateo Martinez and Melissa Augustine. CVE-2014-0160 also known as the "Heartbleed Bug", is a serious vulnerability in OpenSSL, one of the most widely used cryptographic libraries. This bug has been present in OpenSSL since...
1
1
Nuno Almeida's profile photo
Add a comment...
People
Have them in circles
65 people
Davide Gaieni's profile photo
William Chua's profile photo
Hash Include's profile photo
fidel uwaya's profile photo
Pat McCoy's profile photo
Shankar Raman's profile photo
Tom Yang's profile photo
Sheikh Islam's profile photo
Mildred Hill's profile photo
Story
Tagline
Strategic and Tactical Computer Security Services