XML External Entity – Beyond /etc/passwd (For Fun & Profit)
Robert Schwass*// Last week I was asked twice in one day if I knew what XML External Entity (XXE) Vulnerabilities were. Maybe they are making a comeback in mainstream security […]
Vulnerabilities
WEBCAST: Exchange and OWA attacks – Step by Step
Here’s our webcast with Beau Bullock, Brian Fehrman & Carrie Roberts from Tuesday, November 29.
Bypassing Two-Factor Authentication on OWA & Office365 Portals
Beau Bullock // Full Disclosure: Black Hills Information Security believes in responsible disclosure of vulnerabilities. This vulnerability was reported to Microsoft on September 28th, 2016. As of the publication date of […]
Service Detection – Tomcat Manager, From “Info” to “Ouch”
Carrie RobertsĀ // Continuing on the thread of highlighting Nessus vulnerability scan results that turned out to be more severe than reported . . . I always review the “Info” level “Service Detection” […]
Asterisk SIP Server, From “Info” to “Ouch”
Carrie Roberts // I learned some new stuff that will make me pay attention to “Asterisk Detection” Nessus informational findings in the future . . . On an external network […]