ConCon Blog

Show left menu  
Hide left menu  
Gears.png
Porting exploits to a Netgear WNR2200

By Jan Mitchell, 21 Sept. 2016

Software vulnerabilities and the accompanying exploits are still all too common. Fortunately the response to vulnerabilities has got significantly better in recent years with quick patching of the most critical ...

Analysing & Repurposing Spartan's CVE 2015
Analysing and repurposing Spartan's CVE-2015-7645

By Francesco Mifsud, 15 Sept. 2016

For this blog post we’ve chosen to analyse a Flash exploit utilised by the Spartan Exploit Kit, namely CVE-2015-7645. We'll go through the process of analysing the obfuscated Flash file, ...

Using SMB named pipes as a C2 channel
Using SMB named pipes as a C2 channel

By Ruben Boonen, 31 Aug. 2016

Intrusion detection systems are becoming increasingly more capable of detecting malicious activity on the corporate perimeter, local network environment and on individual hosts. Commonly, when attackers move laterally on a ...

https
Manually Testing SSL/TLS Weaknesses 2016 Edition

By Michael Skiba, 16 Aug. 2016

In 2015 we published a blogpost that explained how to manually test for the most common SSL/TLS weaknesses. This has become one of the most popular posts on our blog ...

Sniffing HTPPS URLS
Attacks on HTTPS via malicious PAC files

By Alex Chapman and Paul Stone, 10 Aug. 2016

In our last blog post, Sniffing HTTPS URLS with malicious PAC files, we described issues identified in the implementation of PAC files in various web browsers and operating systems. In ...

Pangu 9.3 jailbreak
Obfuscation, Encryption & Unicorns… Reversing the string encryption in the Pangu 9.3 jailbreak

By Rob Fay, 02 Aug. 2016

Like many others I was happy to read the news that team Pangu released a jailbreak for iOS 9.3.3. A jailbroken device is especially useful in the field of security ...

Sniffing HTPPS URLS
Sniffing HTTPS URLS with malicious PAC files

By Alex Chapman and Paul Stone, 27 July 2016

In March this year we discovered an issue with the way many web browsers and operating systems handle Proxy Auto-Config (PAC) files. PAC files are JavaScript code that tell the ...

Back to Top