by Roman Faynberg | Apr 12, 2021 | Exploits, Featured, News, Techniques
You might have taken all the right steps to secure a corporate Windows workstation: your users are not running as local admins, endpoint protection is in place, service ACLs and file permissions are locked down, etc. Yet there is still a frequently overlooked...
by Aidan Noll | Apr 16, 2020 | Exploits, Labs, News, Techniques, Tools
Intro – GraphQL: GraphQL (GQL) is a popular data query language that makes it easier to get data from a server to a client via an API call. GQL is commonly deployed as a critical piece of the technology stack for modern web and mobile applications, and as a...
by Danny Rosseau | Jan 13, 2020 | Exploits, IOT, Labs
Back when I first read about this thing called “hacking” I thought I’d be spending all my days overflowing NSA buffers with plagiarized shell code and going by some cool hacker name like “1337BadGeR”. Sadly for me, upon entering the actual world, I had to get back in...
by Danny Rosseau | Aug 22, 2019 | Android, Exploits, IOT, Labs, Mobile, Techniques
When this Project Zero report came out I started thinking more about USB as an interesting attack surface for IoT devices. Many of these devices allow users to plug in a USB and then perform some actions with that USB automatically, and that automatic functionality...
by Jesson Soto Ventura | Aug 19, 2019 | Android, Disclosures, Exploits, Labs, Mobile
A few months ago, I was testing the email functionality on a company’s contact us page, when I sent an email to myself containing: <script> alert("Hi, It's almost lunch time") </script> It actually was close to lunch time, so I wrapped up...
by Brad Dixon | Aug 6, 2016 | Exploits, IOT, Labs, Techniques
One of the most critical issues that we look for when we assess an embedded/IoT device is secrets that are shared across the device population. Usually, finding these secrets involves gaining full access to our own device in order to find out how other devices may be...