Showing posts from 2022

Stacking the Odds in Your Favor: How to Choose the Best Web Application Penetration Test Partner

Author: Dan Weiss, SVP, Application & Network Security Services

So, you are in the market for a web application pen test. Or is that a security assessment? Maybe it's a vulnerability assessment or a compliance audit? The terminology is dizzying. Adding to the mess is that each of these terms may (and often does) mean different things to clients and vendors. One vendor's definition of a security assessment may match another's pen test, which may not fit the client's definition. So how do you know that you're getting what you need, and can you tell whether the vendor is delivering high-quality work? While no single thing can provide that insight, there are many clues you can gather from potential vendors to give yourself some assurance that they are the right fit for your needs. This article aims to arm you with questions to ask potential vendors. In addition, it guides you in identifying a quality vendor based on the questions they ask you s

No Hardware, No Problem: Emulation and Exploitation

Vulnerability Hunting for Sport

If you've been following our blog, you might notice some favoritism when it comes to embedded targets. We've been exploring the NETGEAR R7000 for several blog posts. This pattern stems from a number of product characteristics, one of which is that the device is easy to emulate in QEMU, which provides an alternative to testing on the actual hardware and is much more researcher-friendly. While emulation is not strictly required, nor the only factor we consider, it does make for a more enjoyable vulnerability research experience! In this blog post, we'll walk through emulating the R7000's UPnP daemon in QEMU to aid in the discovery and exploitation of vulnerabilities. Toward that end, this post demonstrates an exploit for a post-authentication stack overflow vulnerability, and shows how to easily unpack the encrypted firmware updates for the R7000's Circle update daemon.

Unpacking the R7000 Firmware

The first step in emulating the

Connecting the Dots for Connected Security

It is undeniable that organizations, government agencies, and critical infrastructure providers face evolving cyber threats of increasing volume and complexity. Securing your organization's information and assets requires the right amount of effort focused on the appropriate areas.

Cyber-Physical Systems Security

According to the National Institute of Standards and Technology (NIST), "Cyber-Physical Systems (CPS) comprise interacting digital, analog, physical, and human components engineered for function through integrated physics and logic. These systems will provide the foundation of our critical infrastructure, form the basis of emerging and future smart services, and improve our quality of life in many areas." Automobiles, medical devices, building controls, autopilot avionics, and the smart grid are examples of CPS. Each includes smart networked systems with embedded sensors, processors, and actuators that sense and interact with the physical world and support rea