Whitepaper: Recognizing and Preventing TOCTOU

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below.

Recognizing and Preventing TOCTOU Whitepaper
03 Mar 2015 - Christopher Hacking

Time-Of-Check-to-Time-Of-Use (TOCTOU) vulnerabilities have been known for decades, but are still frequently discovered in modern code. This diverse …

Black Hat 2013 – Femtocell Presentation Slides, Videos and App

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below.

Black Hat 2013 - Femtocell Presentation Slides, Videos and App
19 Aug 2013 - Tom Ritter

We’re back from Las Vegas, rested, and finally ready to release the slides, videos, and our …

WebLogic Plugin HTTP Injection via Encoded URLs

VSR Security Advisory
http://www.vsecurity.com/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs
Release Date: 2010-07-13
Application: WebLogic Plugin
Versions: All known versions
Severity: High
Discovered by: Timothy D. Morgan <tmorgan (at) vsecurity {dot} com>
Contributors: George D. Gal <ggal {at} vsecurity (dot) com>
Vendor Status: Patch Released [4]
CVE …