Properly Signed Certificates on CPE Devices

During late January 2020, a hot topic surfaced between security professionals on an issue that has historically had different proposed solutions. This blog post seeks to explore these solutions and identify pragmatic approaches to risk reduction on this specific issue concerning Customer Premises Equipment (CPE) security. Two security researchers (Tom Pohl and Nick Starke) analysed … Continue reading Properly Signed Certificates on CPE Devices

Tool Release – Collaborator++

When testing for out-of-band vulnerabilities, Collaborator has been an invaluable tool since its initial release in 2015. By acting as a HTTP, DNS and SMTP server, Collaborator allows researchers to identify complex out-of-band interactions between target applications and external services aiding in the discovery of vulnerabilities such as server-side request forgery (SSRF), XML external entity … Continue reading Tool Release – Collaborator++