ConCon Blog

Show left menu  
Hide left menu  
SAP exploitation
SAP Exploitation – Part 3

31 May 2012

In this post of the series, I will go into some detail on the various mitigations and configuration changes required to be made to your SAP environment to help protect ...

Cloud security
Dirty Disks Raise New Questions About Cloud Security

24 April 2012

During our research last year into Cloud Node security here we identified a security vulnerability affecting some customers at Rackspace and at VPS.NET, which were two out of the four ...

Framesniffing against SharePoint and LinkedIn

10 March 2012

In this blog post, I'll describe the Framesniffing technique and show how it can be used by a remote attacker to steal sensitive information from users through their web browser. ...

Malware 2
Malware 2 - From Infection to Persistence

By Mark Nicholls, 26 Jan. 2012

In my previous posting, a malicious PDF was analysed that originated from a targeted email campaign that exposed a number of users to infection. The PDF file implemented standard exploitation ...

Server Technologies - HTTPS BEAST Attack

06 Nov. 2011

A number of our clients have asked for advice regarding the HTTPS BEAST attack. This blog is intended to give a more realistic overview of what the attack means to ...

Dark comet
Malware Analysis - Dark Comet RAT

02 Nov. 2011

A Remote Administration Tool (otherwise known as a RAT) is a piece of software designed to provide full access to remote clients. Capabilities often include keystroke logging, file system access ...

Server Technologies - Reverse Proxy Bypass

06 Oct. 2011

In this blog I will describe a new type of security vulnerability which can allow full internal system access from the internet from an unauthenticated perspective. This technique exploits insecurely ...

Back to Top