ConCon Blog

Manually Testing SSL/TLS Weaknesses 2016 Edition

By Michael Skiba, 16 Aug. 2016

In 2015 we published a blogpost that explained how to manually test for the most common SSL/TLS weaknesses. This has become one of the most popular posts on our blog ...

Attacks on HTTPS via malicious PAC files

By Alex Chapman and Paul Stone, 10 Aug. 2016

In our last blog post, Sniffing HTTPS URLS with malicious PAC files, we described issues identified in the implementation of PAC files in various web browsers and operating systems. In ...

Obfuscation, Encryption & Unicorns… Reversing the string encryption in the Pangu 9.3 jailbreak

By Rob Fay, 02 Aug. 2016

Like many others I was happy to read the news that team Pangu released a jailbreak for iOS 9.3.3. A jailbroken device is especially useful in the field of security ...

Sniffing HTTPS URLS with malicious PAC files

By Alex Chapman and Paul Stone, 27 July 2016

In March this year we discovered an issue with the way many web browsers and operating systems handle Proxy Auto-Config (PAC) files. PAC files are JavaScript code that tell the ...

Binary SMS - The old backdoor to your new thing

By Alex Farrant, 20 July 2016

Despite being older than many of its users, Short Messaging Service (SMS) remains a very popular communications medium and is increasingly found on remote sensors, critical infrastructure and vehicles due ...

The Security of HTTP-Headers

By Michael Skiba, 18 May 2016

When it comes to web application security one often thinks about the obvious: Sanitize user input, transmit data over encrypted channels and use secure functions. Often overlooked are the positive ...

Bluetooth LE - Increasingly popular, but still not very private

By Scott Lester and Paul Stone, 05 May 2016

In May last year we wrote a blog post on our initial research on Bluetooth Low Energy (BLE). This covered our research into the new protocol, including what devices were ...
