SECURITY LABS

Bypassing insufficient blacklisting

Operating system (OS) command injection attack is a variant of code injection attacks which are considered a major security threat that in fact, is classified as No. 1 on the 2013 OWASP top ten web security risks [1]. The main objective of this article is to examine the detection and exploitation capabilities of Commix against blacklisting techniques. The general idea behind blacklisting is to check for malicious patterns before allowing the execution of users input.

READ MORE
IBM WebSphere Java Deserialization (RCE) - Metasploit Module

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.

READ MORE
OSI - Corporate Brochure

Our passion to innovation and our commitment to excellence are key elements of our culture. We’ve established OBRELA SECURITY INDUSTRIES in the Global Cyber Security Market driven by those exact principles and our mission to Keep our client’s Business in Business. We will strive to create new services and value. - George Patsis, CEO

READ MORE
Meltdown and Spectre attacks

Three CVE entries have been announced for the vulnerabilities titled Spectre and Meltdown which are affecting modern computer processors (Intel, AMD, ARM and Qualcomm processors).

READ MORE
Obrela Security Industries - GDPR Solution

Obrela Security Industries is well prepared to assist global organizations in establishing preparedness and achieving compliance with the GDPR through our extensive portfolio of Cyber Security Services, which offer an unprecedented level of real-time operational visibility, security situational awareness, and policy - processes management and compliance monitoring.

READ MORE
Obrela Security Industries Corporate Presentation

Obrela Security Industries (OSI) provides security analytics and risk management services to identify, analyse, predict and prevent highly sophisticated security threats in real time. Engineered for complex enterprise environments our technology allows for the highest, complete and most robust protection that clients can get.

READ MORE
Datasheet: Workflow Management

The Swordfish Workflow Management functionality of the SWORDFISH platform smoothly connects all major elements of Information Security Management, from framework establishment and maintenance to continuous monitoring and reviewing.

READ MORE
Datasheet: Risk Management

By implementing a set of embedded processes as well as processes tailored to client needs (using the workflow builder), SWORDFISH supports decision making through which management identifies, analyzes, and if necessary responds appropriately to risks that might adversely affect the realization of organization’s business objectives.

READ MORE
Datasheet: Governance

The platform facilitates the design and development of Information Security Frameworks supported by embedded content and process models that vary depending on the industry sector as well as related standards and regulations.

READ MORE