SECURITY LABS

Undetectable Metasploit WAR

A possible attack path during a penetration test is access to the administrative console of a Java application server (like WAS, JBOSS and Tomcat) installed on a Windows server with default or guessable (e.g. through brute-force) administrative credentials.

Fast Forward Brute-Forcing Apache Tomcat 6/7/8

Just a way around Apache Tomcat "brute-forcing" delay mechanism...

Real Time Risk Management

Operational security requires a continuous process of awareness, preparedness and readiness. It is a highly demanding, cross-domain activity that requires effective communication and coordination between people who often have different knowledge of and perspectives on information security within the organization. It is neither a fixed-cost nor a fixed-duration project, but rather an ongoing business program with strategy, plans, objectives and stakeholders.

Swordfish Technology Brochure

SWORDFISH enables our clients to dynamically manage their security framework, enforce management, operational and technology security controls, assess compliance with regulations, policies and standards, and analyze their risks in real time, all under a single console.

Exposure Management Brochure

By simulating real attacks, identifying potential weaknesses in any IT component and researching new attack vectors, we assure a solid IT security level for our clients.

Web Application Security Brochure

Swordfish Web Application Security provides an innovative model to help businesses protect their brand and online information, incorporating a state-of-the-art transparent security layer over their web applications.

Threat Management Brochure

Using security analytics and sophisticated risk management technology, we dynamically protect our clients by identifying, analyzing, predicting and preventing security threats in real time.

Client Side Penetration Testing - T&T Part 2

This is the second of two blog articles that demonstrate some tips and techniques (T&T) for client-side penetration tests. The previous article included tips and techniques on how to deliver spoofed emails without being blocked. This article includes techniques on how to embed an executable file within attachable files without being detected by mail filters and anti-virus.

Obrela Security Industries Advisory (OSI-1502)

Obrela Security Industries Advisory (OSI-1502) Dnsmasq 2.72 Unchecked returned value
