ConCon Blog

Show left menu  
Hide left menu  
Analysing & Repurposing Spartan's CVE 2015
Analysing and repurposing Spartan's CVE-2015-7645

By Francesco Mifsud, 15 Sept. 2016

For this blog post we’ve chosen to analyse a Flash exploit utilised by the Spartan Exploit Kit, namely CVE-2015-7645. We'll go through the process of analysing the obfuscated Flash file, ...

Using SMB named pipes as a C2 channel
Using SMB named pipes as a C2 channel

By Ruben Boonen, 31 Aug. 2016

Intrusion detection systems are becoming increasingly more capable of detecting malicious activity on the corporate perimeter, local network environment and on individual hosts. Commonly, when attackers move laterally on a ...

Manually Testing SSL/TLS Weaknesses 2016 Edition

By Michael Skiba, 16 Aug. 2016

In 2015 Jay Kalsi and Daniel Mossop released a blogpost for Context that explained how one can manually test for the most common SSL/TLS weaknesses. This post has since been ...

Attacks on HTTPS via malicious PAC files

By Alex Chapman and Paul Stone, 10 Aug. 2016

In our last blog post, Sniffing HTTPS URLS with malicious PAC files, we described issues identified in the implementation of PAC files in various web browsers and operating systems. In ...

Pangu 9.3 jailbreak
Obfuscation, Encryption & Unicorns… Reversing the string encryption in the Pangu 9.3 jailbreak

By Rob Fay, 02 Aug. 2016

Like many others I was happy to read the news that team Pangu released a jailbreak for iOS 9.3.3. A jailbroken device is especially useful in the field of security ...

Sniffing HTTPS URLS with malicious PAC files

By Alex Chapman and Paul Stone, 27 July 2016

In March this year we discovered an issue with the way many web browsers and operating systems handle Proxy Auto-Config (PAC) files. PAC files are JavaScript code that tell the ...

Binary SMS
Binary SMS - The old backdoor to your new thing

By Alex Farrant, 20 July 2016

Despite being older than many of its users, Short Messaging Service (SMS) remains a very popular communications medium and is increasingly found on remote sensors, critical infrastructure and vehicles due ...

Back to Top