ConCon Blog

Show left menu  
Hide left menu  
Canape – Dicing ESXi into Byte Size Portions

19 Oct. 2012

On the 21st October Context consultant Alex Chapman will be presenting at the Ruxcon conference in Melbourne. Alex will be describing how to inspect, manipulate and exploit the main remote ...

SAP Parameter Injection - No Space for Arguments

14 Aug. 2012

This blog post details a vulnerability that was found in SAP’s Host Control service. The vulnerability allows for 100% reliable full code execution as the SAP administrator from an unauthenticated ...

Server technologies
Server Technologies- Are You Using .NET Remoting? Stop it!

24 July 2012

In May 2012 Microsoft released MS12-035 which was a security update for all versions of the .NET framework (including v4.0) based on some security research I performed over 12 months ...

Malware - Exploit Packs, Zeus and Ransomware

19 July 2012

In the last blog post, we looked at the processes and steps involved in a successful malware campaign. The series covered the Trojan Carberp and the many aspects to its ...

SAP exploitation
SAP Exploitation – Part 3

31 May 2012

In this post of the series, I will go into some detail on the various mitigations and configuration changes required to be made to your SAP environment to help protect ...

Cloud security
Dirty Disks Raise New Questions About Cloud Security

24 April 2012

During our research last year into Cloud Node security here we identified a security vulnerability affecting some customers at Rackspace and at VPS.NET, which were two out of the four ...

Framesniffing against SharePoint and LinkedIn

10 March 2012

In this blog post, I'll describe the Framesniffing technique and show how it can be used by a remote attacker to steal sensitive information from users through their web browser. ...

Back to Top