ConCon Blog

Show left menu  
Hide left menu  
Watering hole
The Crouching Tiger at the IHS Watering Hole

By Nick Mazitelli and Kat Demidecka, 14 June 2013

Introduction This blog post details the investigation of a recent watering hole attack that we observed on a number of our clients' networks in March this year. It discusses why ...

Java Pwn2Own

19 April 2013

On 16th April Oracle released Java 7 Update 21 (which you should install now if you haven’t already!) This release fixes all the Java vulnerabilities disclosed to Oracle during the ...

Canape – New Version of Canape Released

13 Feb. 2013

More Flexibility for ScriptsCanape v1.2 brings a number of improvements to the handling and editing of script code to make it easier to work with them. First the UI now ...

Canape – Dicing ESXi into Byte Size Portions

19 Oct. 2012

On the 21st October Context consultant Alex Chapman will be presenting at the Ruxcon conference in Melbourne. Alex will be describing how to inspect, manipulate and exploit the main remote ...

SAP Parameter Injection - No Space for Arguments

14 Aug. 2012

This blog post details a vulnerability that was found in SAP’s Host Control service. The vulnerability allows for 100% reliable full code execution as the SAP administrator from an unauthenticated ...

Server technologies
Server Technologies- Are You Using .NET Remoting? Stop it!

24 July 2012

In May 2012 Microsoft released MS12-035 which was a security update for all versions of the .NET framework (including v4.0) based on some security research I performed over 12 months ...

Malware - Exploit Packs, Zeus and Ransomware

19 July 2012

In the last blog post, we looked at the processes and steps involved in a successful malware campaign. The series covered the Trojan Carberp and the many aspects to its ...

Back to Top