RedTeam Discovers 0-day in TFTPGUI


RedTeam Discovers 0-day in TFTPGUI 1.4.5

Jeremiah Talamantes, Principal Security Consultant and Security Researcher at RedTeam, has discovered a 0-day security vulnerability in TFTPGUI version 1.4.5. The security vulnerability in the TFTP server application revolves around unexpected behavior when sending an overly long transport mode string. An attacker can execute a remote Denial-of-Service attack on the server application by sending a string of malicious characters causing the program to crash.

Jeremiah has developed proof of concept code for this vulnerability in Python. This 0-day has been published by the Exploit Dat...


Screencast: Hacking With Your Web Browser


In this video screencast, Jeremiah Talamantes, Principal Security Consultant and Security Researcher for RedTeam Security, walks us through a step-by-step process of how to compromise a web server through the web applications hosted on it.

One of the main points brought across in the screencast is the need for secure application development. Organizations with some of the most hardened servers and networks are compromised simply through the insecure applications they host.

The demonstrations shown in this screencast use Damn Vulnerable Web Application, netcat and other tools. The attacks shown include remote command execution...


RedTeam Discovers 0-day in XM FTP Server


DoS Vulnerability in XM Easy FTP Server 5.8.0

RedTeam Security Labs security researcher and principal consultant, Jeremiah Talamantes, has uncovered a security vulnerability in XM Easy FTP server version 5.8.0. The security vulnerability in the FTP server application revolves around mishandling of input within the LIST FTP command. An attacker can execute a Denial-of-Service attack on the XM FTP server application by sending a string of malicious characters to the LIST command causing the program to crash.

Jeremiah has developed proof-of-concept code for this vulnerability for the Metasploit Framework as we...


Newly Released OWASP Top 10 for 2010


Today, OWASP released the 2010 version of its Top Ten list. For the complete list, please click here to visit the OWASP website.

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.

Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the softwa...


Cross-Site Request Forgery Video Demonstration


Cross-site request forgery, also known as click jacking and sometimes abbreviated CSRF, has been around for a number of years. Cross-site request forgery is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

We have put together a basic video demonstration of a cross-site scripting attack. In the demonstration we've used

DISCLAIMER
    The content, tools, methodologies and proof of concept code contained in these articles are in no way intended to be used for malicious intent. This information is to be used for educational purposes only. RedTeam Security does not condone the malicious use nor does it warranty the use of any of the content contained herein.


Contact Us

Phone number:
1-612-234-7848

E-mail:

info@redteamsecure.com