

Real Time Risk Management

Operational security requires a continuous process of awareness, preparedness and readiness. It is a highly demanding, cross-domain activity that requires effective communication and coordination between people who often have different knowledge of and perspectives on information security within the organization. It is neither a fixed cost nor a fixed duration project; rather an on-going business program […]

Swordfish Technology Brochure

Operational security requires a continuous process of awareness, preparedness and readiness; The Information Security Program. A highly demanding, cross-domain activity that requires effective communication and coordination between people that often have different knowledge and perspective for information security within the organization. Challenged by the complexity and cost of assembling security knowledge, […]

Exposure Management Brochure

As IT environments constantly grow due to demand and evolve due to new services such as the Internet of Things, Bring Your Own Device, Cloud Services, Social Media and big data, IT Security becomes a necessity not only for mid to enterprise range but for even smaller companies as well. On top of that and […]

Web Application Security Brochure

Web Applications are a direct target for attacks, as they are directly accessible from all parts of the world and form a surface to valuable information and, many times, Personally Identifiable Information (PII) such as credit cards, identity numbers, health information, etc. Each year, web-borne attacks increase by 30%, while successful breaches reach up […]

Threat Management Brochure

Organizations have already made significant investments in order to implement best‐of‐breed, multi‐layered information security architectures, adopting in a relatively small timeframe a multitude of technologies such as Firewalls, Intrusion Detection Systems, Web Application Firewalls, Anti-virus / Anti-spam / Anti-phishing systems, etc. in a never‐ending race of improving their security posture and being able to cope […]

Client Side Penetration Testing – T&T Part 2

Upon being able to contact the target and sound legitimate, we should be able to have a binary executed through persuasive and undetectable techniques. Below we discuss some of these techniques: PowerPoint presentation with embedded .exe A legitimate and undetectable by AntiVirus method to deliver an executable (if the executable itself is undetectable of course), […]

Obrela Security Industries Advisory (OSI-1502)

Advisory ID: OSI-1502. Description: Dnsmasq does not properly check the return value of the setup_reply() function called during a TCP connection (by the tcp_request() function). This return value is then used as a size argument in a function which writes data on the client’s connection. This may lead, upon successful exploitation, to reading the heap […]

Vulnerability in Windows http.sys could allow DOS or remote code execution

Yesterday Microsoft patched a critical vulnerability in the Windows HTTP stack (http.sys), which would have extreme consequences if an exploit is publicly disclosed. Up until this writing (15-04-2015 17:00) no public exploit exists. The vulnerability is assigned CVE-2015-1635 and MS15-034. Where is it based? Using a specially crafted HTTP GET request, an attacker can trivially […]

The Swordfish Project

The SWORDFISH project aims to develop a prototype security management platform capable of supporting and securing dependable infrastructures, mainly through its ability to merge information security with the physical security world and the business process (the human factor). This approach can give enormous capabilities to organizations or communities of organizations to secure their assets and […]