BLOG CATEGORIES
Advisories
CVE | Product | Description |
---|---|---|
CVE-2014-4687 | pfSense | Multiple persistent and reflected XSS vulnerabilities including in Referer HTTP Header. |
CVE-2014-4688 | pfSense | Command Injection in diag_dns.php, diag_smart.php and status_rrd_graph_img.php. |
CVE-2014-4689 | pfSense | LFI vulnerability in pkg_edit.php allows including XML files. |
CVE-2014-4690 | pfSense | LFI vulnerability via directory traversal in pkg_mgr_install.php and system_firmware_restorefullbackup.php. |
CVE-2014-4691 | pfSense | The session ID is not properly reset when initializing a new login session. |
CVE-2014-4692 | pfSense | The session cookie set at login does not have the HttpOnly flag set when the firewall’s GUI is configured to use HTTP. |
CVE-2014-4693 | pfSense | XSS vulnerability in snort_import_aliases.php and in snort_select_alias.php. |
CVE-2014-4694 | pfSense | XSS vulnerability in suricata_select_alias.php. |
CVE-2014-4695 | pfSense | Error and URL Redirection to Untrusted Site in snort_rules_flowbits.php and snort_select_alias.php. |
CVE-2014-4696 | pfSense | Error and URL Redirection to Untrusted Site in suricata_rules_flowbits.php and suricata_select_alias.php. |
Whitepapers
Whitepaper | Description |
---|---|
Analysis of Disco Savings Adware | Analysis of a Disco Savings Adware, which installed a browser extension on victim's computer to be able to modify the content of every web site in order to inject arbitrary malicious HTML content into the visited web sites. |
Projects
Project | Description |
---|---|
FuzzyFTP | The input files that can be used with Peach/Sulley generic fuzzers to fuzz FTP protocol. The basic as well as extended FTP commands are supported. |
Open source contributions
Project | Description |
---|---|
Keychain | Manages SSH and GPG keys in secure manner and acts as a frontend to ssh-agent as well as gpg-agent. It reduces the number of times we need to enter a password when connecting to SSH/GPG enabled endpoint. |
ZAProxy | Contributed to open source ZAP proxy that can be used for finding vulnerabilities in web applications. |
Vim dotfiles | The Vim text editor dotfiles that we use at Proteansec. |
Awesome dotfiles | AwesomeWM configuration files used to configure your Awesome window manager. |
Tmux dotfiles | TMux configuration files used for configuring terminal multiplexer. |
VisualStudio projects | Various Windows related projects, mostly programmed in Visual Studio that were written for the purpose of presenting various topics in different articles. Projects present mostly reverse engineering concepts as well as hooking IDT, MSR and SSDT. |