Presentation | Download | Conferences | Date |
Hacking an altcoin node for ̶f̶u̶n̶ ̶a̶n̶d̶ profit | N/A | WarCon III | June 2018 |
I Got 99 Trends and a # is All of Them! How We Found Over 100 RCE Vulnerabilities in Trend Micro Software | pdf slideshare | Hack In The Box 2017 Amsterdam | April 2017 |
Augmented Reality in your web proxy | slideshare | HackPra Allstars - OWASP App Sec EU 2013 (Hamburg) | August 2013 |
Cross Context Scripting attacks and exploitation | slideshare | HackPra (Ruhr-Universität Bochum) | November 2012 |
Window Shopping: Browser Bug Hunting in 2012 | pdf . slideshare | Hack In the Box 2012 (Amsterdam) | May 2012 |
Bridging The Gap: Security and software testing | pdf . slideshare | ANZTB Test Conference 2011 (Auckland) | Mar 2010 |
Defending Against Application Level DoS Attacks | pdf . slideshare | OWASP New Zealand Day 2010 (Auckland) | Jul 2010 |
Exploiting Firefox Extensions | pdf . slideshare . video | OWASP AppSec Asia & SecurityByte 2009 (Gurgaon, IN); DEFCON 17 (Las Vegas, US); EUSecWest 2009 (London, UK) | Nov 2009 |
Reversing JavaScript | zip . slideshare | OWASP New Zealand Chapter | Mar 2009 |
None More Black: The Dark Side of SEO | pdf . slideshare | Ruxcon 2008 (Sydney, AU); Kiwicon II (Wellington, NZ) | Oct 2008 |
Browser Security | ppt . slideshare | OWASP New Zealand Chapter | Sep 2008 |
Black Energy 1.8 - Russian botnet package analysis | ppt . slideshare | Hack In The Bush (Internal Training) | May 2008 |
Web Spam Techniques | ppt . slideshare | OWASP New Zealand Chapter | Apr 2008 |
XPath Injection | ppt . slideshare | OWASP New Zealand Chapter | Feb 2008 |
Ajax Security | ppt . slideshare | OWASP New Zealand Chapter | Dec 2007 |
It's time for another advisory (CVE-2015-3326), a simple one, for a vulnerability that can be found quickly and trivially. For those of you who just want to glance at the post, I suggest looking directly at the picture, which says it all!

The following vulnerability was discovered in TrendMicro SMEX (ScanMail for Microsoft Exchange) 10 SP2, but it affects other versions as well.

While browsing the SMEX web administrative interface through a web proxy, I noticed something in the HTTP request: the session token itself and its format, a number. Across a significant number of logins, the session token was always a number of at least 4 and at most 5 digits, as shown in the screenshot below.

Although the observed session tokens were never generated sequentially, the lack of a cryptographically strong PRNG for the session identifier allows a malicious user to trivially guess the token. This attack can be easily automated.
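To put a number on the weakness described above, the following added example (not part of the original advisory, and not Trend Micro code) bounds the entropy of a sample of session tokens and compares it with a token drawn from the OS CSPRNG. The sample tokens are constructed, the function names are hypothetical, and the 64-bit threshold is the minimum given in the OWASP Session Management Cheat Sheet.

```python
import math
import secrets
import string

MIN_BITS = 64  # minimum session ID entropy per the OWASP Session Management Cheat Sheet
CLASSES = (string.digits, string.ascii_lowercase, string.ascii_uppercase)

def keyspace_bits(tokens):
    """Upper bound, in bits, on token entropy inferred from observed samples.

    Best case for the application: every string of an observed length over
    the observed character classes is assumed equally likely.
    """
    seen = set("".join(tokens))
    alphabet = sum(len(c) for c in CLASSES if seen & set(c))
    alphabet += len(seen - set("".join(CLASSES)))  # other symbols: only those seen
    lengths = [len(t) for t in tokens]
    space = sum(alphabet ** n for n in range(min(lengths), max(lengths) + 1))
    return math.log2(space)

def audit(tokens):
    """Summarise a sample of session tokens captured from your own logins."""
    bits = keyspace_bits(tokens)
    return {
        "numeric_only": all(t.isdigit() for t in tokens),
        "bits": round(bits, 1),
        "weak": bits < MIN_BITS,
    }

def new_session_token():
    """Hardened form: 128 bits from the OS CSPRNG as URL-safe text."""
    return secrets.token_urlsafe(16)

# Constructed samples shaped like the tokens described above (4 to 5 digits).
OBSERVED = ["4821", "90317", "15560", "7734", "62048"]

if __name__ == "__main__":
    print("observed:", audit(OBSERVED))
    print("hardened:", audit([new_session_token() for _ in range(5)]))
```

Even under the most generous assumption, a 4 to 5 digit numeric token offers under 17 bits, so the absence of sequential values does not help: the whole space is small enough to enumerate.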