TARLOGIC's BLOG
Cybersecurity - Page 11

Cybersecurity articles with security analysis and ethical hacking technics information

Vulnerabilities in Televes COAXDATA GATEWAY – CVE-2017-6532
Vulnerabilities in Televes COAXDATA GATEWAY – CVE-2017-6532

=============================== – Advisory – =============================== Title: Televes COAXDATA GATEWAY 1Gbps – Priv Escalation Risk: High Date: 19.Jul.2017 [...]

Read more
Protections against network privilege escalation
Protections against network privilege escalation
Ciber 4 All Team

The application of perimeter security controls in each layer of any infrastructure as well as hardening measures in systems enable limiting an intruder lateral movement in the netw[...]

Read more
Kerberos tickets: Comprehension and exploitation
Kerberos tickets: Comprehension and exploitation
Eloy Pérez

The main aim of this post is explaining the most common attacks that can be carried out in a security audit or pentest of Kerberos protocol used in Microsoft active directory domai[...]

Read more
AeroAdmin 4.1 Vulnerability – CVE-2017-8893 CVE-2017-8894
AeroAdmin 4.1 Vulnerability – CVE-2017-8893 CVE-2017-8894

Tarlogic Advisory: Tarlogic-2017-001 Title: Multiple vulnerabilities found in AeroAdmin 4.1 software. Discovered by: Juan Manuel Fernandez (@TheXC3LL) CWE-ID: CWE-119 Improper Rest[...]

Read more
Same-Site cookies against CSRF attacks analysis
Same-Site cookies against CSRF attacks analysis
Jose Rabal

CSRF vulnerabilities Cross-site request forgery (CSRF) vulnerabilities are extremely common in web applications. Despite they are known since a long time ago, we are used to find t[...]

Read more
How PHP Object Injection works
How PHP Object Injection works
Juan Manuel Fernandez

PHP Object Injection enables the arbitrary manipulation of an object content that shall be unserialized using the PHP unserialize() function. This kind of web application vulnerabi[...]

Read more
How to automate JavaScript challenges with NodeJS and Python
How to automate JavaScript challenges with NodeJS and Python
Armando Nogueira

[...]

Read more
What are “Watering Hole Attacks”?
What are “Watering Hole Attacks”?
Juan Manuel Fernandez

[...]

Read more
Enterprise WiFi network security audit from openwrt
Enterprise WiFi network security audit from openwrt
Oscar Mallo

The main difficulties found when performing a security audit of Enterprise WiFi network by a security analyst in ethical hacking are the following: WPA Enterprise networks imperson[...]

Read more
Backdoors in IDEs – RootedCON 2015 Talk
Backdoors in IDEs – RootedCON 2015 Talk
Miguel Tarasco

This article describes in detail the content of “Bend the developers to your will” talk given by Miguel Tarascó and included in RoodCON 2015 Congress. 1. Why developers? Devel[...]

Read more
1 8 9 10 11 12
Advanced penetration testing services