ConCon Blog

EsPReSSO a refreshment on the hunt for Single Sign-On

By Tim Guenther, 30 Nov. 2015

EsPReSSO was developed as a Bachelor thesis in IT-Security by Tim Guenther, at Ruhr-University Bochum, and is based on the "BurpSSOExtension" by Christian Mainka. Context has supported Tim during this ...

Building a SOC: Thinking About Effective Incident Management

By Kat Demidecka, 26 Nov. 2015

While incident response is what we most often talk about, we also do a lot of work helping clients to proactively build resiliency and develop their internal cyber security capability. ...

Data Exfiltration via Blind OS Command Injection

By Craig Donkin, 16 Nov. 2015

On a penetration test or CTF challenge you may come across an application that takes user input and passes it to a system command or to a supporting program that ...

The Cyber Threat and Terrorism

By Tom Williams, 02 Nov. 2015

The concept of cyber terrorism, or extremists utilising offensive cyber techniques, is one that gains wide publicity and grabs attention; but what is the reality of this threat? Russian-based Islamic ...

Make a Django app insecure? It's not easy and that's a good thing!

By Patrick Craston, 19 Oct. 2015

The OWASP Top 10 describes the most critical and most commonly occurring security flaws in web applications. This list is published every three years and although some issues move up ...

Alarm bells ringing!

By Neil Biggs, 05 Oct. 2015

We like to look at the security of consumer and commercial products, either as a product security evaluation for a customer or for our own interest. In previous blog posts ...

Hacking without Computers – An Introduction to Social Engineering

By Owen Wright, 21 Sept. 2015

The concept of manipulating people and processes for some benefit pre-dates the invention of computers and the concept of cyber security, and goes well beyond the realms of IT and ...
