ConCon Blog

SAP
SAP Parameter Injection - No Space for Arguments

14 Aug. 2012

This blog post details a vulnerability that was found in SAP’s Host Control service. The vulnerability allows for 100% reliable full code execution as the SAP administrator from an unauthenticated ...

Server technologies
Server Technologies - Are You Using .NET Remoting? Stop it!

24 July 2012

In May 2012 Microsoft released MS12-035 which was a security update for all versions of the .NET framework (including v4.0) based on some security research I performed over 12 months ...

Ransomware
Malware - Exploit Packs, Zeus and Ransomware

19 July 2012

In the last blog post, we looked at the processes and steps involved in a successful malware campaign. The series covered the Trojan Carberp and the many aspects to its ...

SAP exploitation
SAP Exploitation – Part 3

31 May 2012

In this post of the series, I will go into some detail on the various mitigations and configuration changes required to be made to your SAP environment to help protect ...

Cloud security
Dirty Disks Raise New Questions About Cloud Security

24 April 2012

During our research last year into Cloud Node security here we identified a security vulnerability affecting some customers at Rackspace and at VPS.NET, which were two out of the four ...

Sharepoint
Framesniffing against SharePoint and LinkedIn

10 March 2012

In this blog post, I'll describe the Framesniffing technique and show how it can be used by a remote attacker to steal sensitive information from users through their web browser. ...

Malware 2
Malware 2 - From Infection to Persistence

By Mark Nicholls, 26 Jan. 2012

In my previous posting, a malicious PDF was analysed that originated from a targeted email campaign that exposed a number of users to infection. The PDF file implemented standard exploitation ...
