Vulnerability
SANS ISC Diary - Crashing explorer.exe with(out) a click
· β˜• 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a vulnerability in the way Windows handles self-referential links, which makes it possible to use specially crafted URL and LNK files to crash Explorer.

CrisisCon - Breaking Windows
· β˜• 1 min read
Videos of all presentations from last weeks CrisisCon are now accessible on Youtube. Among them is my own talk on known unpatched vulnerabilities and weaknesses in Windows. If you couldn’t make it to the online conference, I recommend you at least go through some of the recordings as couple of the talks were quite interesting.

SANS ISC Diary - Desktop.ini as a post-exploitation tool
· β˜• 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a vulnerability in the way Windows handles desktop.ini files, which makes it possible to use them as an interesting post-exploitation tool.

SANS ISC Diary - Open Redirect: A Small But Very Common Vulnerability
· β˜• 1 min read
A Guest Diary of mine was published today on the SANS Internet Storm Center. In this one, I discuss open redirect vulnerabilities and how to find them. If you’ve never heard of open redirects, this might be a useful introductory text.

Where are all the machines affected by BlueKeep hiding - part 2
· β˜• 4 min read
Last week, we took a look at Shodan results to try to determine which countries are the “richest” in the world when it comes to machines vulnerable to BlueKeep visible from the internet. Since the number of vulnerable machines Shodan detects grows every day (see the following chart), I thought it might be interesting to have another look at the numbers. But in a way which is a little different.

Where are all the machines affected by BlueKeep hiding?
· β˜• 1 min read
We've all read about the hundereds of thousands of machines affected by BlueKeep connected to the internet, but where are they hiding? With the help of Shodan, we can try to figure it out...

How big of a problem is the 'open redirect' in Babel?
· β˜• 4 min read
During a recent research into prevalence of open redirection vulnerabilities within the ccTLD .CZ we've done with my colleagues from ALEF CSIRT, I’ve noticed that many of the vulnerable sites seemed to be using CMS Made Simple with Babel multi-language module. This seemed to warrant a closer investigation...

Open Redirection Vulnerability in Babel
· β˜• 2 min read
In this post you may find description of a vulnerability I found in Babel - a CMSMS module - when searching for sites affected by Open Redirection vulnerabilities...

Looking back at September 2015
· β˜• 1 min read
Information concerning number of devices vulnerable to Heartbleed vulnerability has appeared in the news during September. Given that the existence of Heartbleed was made public almost a year and a half ago it may be surprising that the number of vulnerable devices exceeds 200.000. Affair concerning the Stagefright vulnerability (which was mentioned in the last Looking back) continued in September when Zimperium – the company which discovered Stagefright – released a proof-of-concept code which exploits the vulnerability.