WAF bypass made easy
In this post I will share my testing experiences about a web application protected by a web application firewall (WAF). The investigation of the parameters of web interfaces revealed that I can perform...
View ArticleSanitizing input with regex considered harmful
Sanitizing input (as in trying to remove a subset of user input so that the remaining parts become “safe”) is hard to get right in itself. However, many developers doom their protection in the first...
View ArticleAn update on MD5 poisoning
Last year we published a proof-of-concept tool to demonstrate bypasses against security products that still rely on the obsolete MD5 cryptographic hash function. Summary: The method allows bypassing...
View ArticleConditional DDE
Here’s a little trick we’d like to share in the end-of-year rush: DDE is the new black, malware authors quickly adopted the technique and so did pentesters and red teams in order to simulate the latest...
View ArticleThe curious case of encrypted URL parameters
As intra-app URLs used in web applications are generated and parsed by the same code base, there’s no external force pushing developers towards using a human-readable form of serialization. Sure, it’s...
View ArticleEvading Cisco AnyConnect blocking LAN connections
Some VPNs allow split tunneling, however, Cisco AnyConnect and many other solutions offer a way for network administrators to forbid this. When that happens, connecting to the VPN seals off the client...
View Article