

Client Side Penetration Testing – T&T Part 1

Most client-side attacks are based on delivering emails to the target; nevertheless, by underestimating the need to build an adequate “trust level” towards the target, there is a fair chance that the exercise will fail even at this early stage. Below we will begin by listing some techniques, considerations, and tips on how to successfully deliver […]

Obrela Security Industries Advisory (OSI-1501)

Advisory ID: OSI-1501. Description: The XML parser of Cisco Prime Service Catalog suffers from a vulnerability that could allow an authenticated remote attacker to either cause denial of service conditions (resource consumption) or retrieve sensitive data (local data access). Researcher: Alexis Dimitriadis (a.dimitriadis[a t]obrela[do t]com). Vulnerability: CVE-2015-0581: Cisco Prime Service Catalog XML External Entity Processing Vulnerability […]

Major Internet Explorer Vulnerability Publicly Disclosed Today

Update: As estimated, the community responded to this public disclosure 4 days after it was announced. Microsoft had been notified in October 2014. The CVE assigned is CVE-2015-0072. Today a vulnerability was disclosed (no CVE) on seclists.org by the security company Deusen. The mechanics and PoC were also disclosed, proving that the same origin policy of […]

Using UDF in Penetration Testing Part 2

Before continuing, we are assuming – again – that we have already gained access to a MySQL administration interface (how we did that is out of the scope of this post) and that we want to acquire a command shell in order to penetrate further into the system. Finally, we are assuming that the MySQL […]

Using UDF in Penetration Testing

During a penetration test, we might find ourselves in a situation where we have SQL administrative access only. As usual, we want to dive deeper into the network. Sometimes the only way to accomplish that is to execute commands on the system that hosts the current SQL server. If the server happens to be an […]

Cyprus Computer Society Conference Whitepaper

It appears that the external threats to an organization are increasing steadily, and may, in fact, be increasing more rapidly than is commonly reported. To combat cybercrime, a set of management procedures and an organizational framework for identifying, assessing and mitigating risks is necessary. Rather than reacting to individual problems in an ad-hoc manner, these […]


Today, infrastructure encompasses computer technology and key business processes and is increasingly web-based. Thus, the availability and security of computer networks and websites have become a critical component of an organization’s risk profile. Even though companies can take preventative security steps, there is no silver bullet that can make businesses completely secure. Insurance […]

Critical Infrastructure Protection

Information Security in critical infrastructures is a major challenge. Critical infrastructure can be damaged, destroyed or disrupted by deliberate acts of terrorism, natural disasters, and negligence, leading to a loss of confidentiality, integrity and availability of critical infrastructure information assets. Vulnerabilities in critical infrastructure not only create risk for systems, networks, information and public trust […]

PKI Roadmap – A guideline for government institutions

PKI implementations have a high failure rate, statistically, due to absent or misplaced organizational structures, the role and effectiveness of which are considered critical in establishing the relevant operational model, supporting policy and legal framework. The scope of this framework describes the delivery of PKI services by, and on behalf of, government […]