ConCon Blog

Show left menu  
Hide left menu  
Sharepoint
Framesniffing against SharePoint and LinkedIn

10 March 2012

In this blog post, I'll describe the Framesniffing technique and show how it can be used by a remote attacker to steal sensitive information from users through their web browser. ...

Malware 2
Malware 2 - From Infection to Persistence

By Mark Nicholls, 26 Jan. 2012

In my previous posting, a malicious PDF was analysed that originated from a targeted email campaign that exposed a number of users to infection. The PDF file implemented standard exploitation ...

https
Server Technologies - HTTPS BEAST Attack

06 Nov. 2011

A number of our clients have asked for advice regarding the HTTPS BEAST attack. This blog is intended to give a more realistic overview of what the attack means to ...

Dark comet
Malware Analysis - Dark Comet RAT

02 Nov. 2011

A Remote Administration Tool (otherwise known as a RAT) is a piece of software designed to provide full access to remote clients. Capabilities often include keystroke logging, file system access ...

Proxy
Server Technologies - Reverse Proxy Bypass

06 Oct. 2011

In this blog I will describe a new type of security vulnerability which can allow full internal system access from the internet from an unauthenticated perspective. This technique exploits insecurely ...

SAP exploitation
SAP Exploitation – Part 2

30 Aug. 2011

This is the second in a series of posts about SAP infrastructure security, specifically related to RFC vulnerabilities and common misconfigurations that can be exploited by an attacker to gain ...

Security Flaws
WebGL – More WebGL Security Flaws

16 June 2011

Summary In this blog post Context demonstrates how to steal user data through web browsers using a vulnerability in Firefox’s implementation of WebGL. This is a continuation of our research ...

Back to Top