

DDE attacks in Microsoft Excel through web applications

While conducting one of our recent penetration tests, we came across an interesting scenario in which an attacker could create a malicious Excel document and use it for various malicious purposes. We hope you will find our findings interesting!


How to (really) add value to business with IS risk analysis

Risk analysis – very few standards and legal/regulatory requirements in the information security universe go without it. Can it be used for something else besides getting a certificate or avoiding regulatory fines?


POODLE risk assessment

One of the biggest security announcements in the last year was definitely the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability, which marked the real end of SSLv3. In contrast with many other previously identified vulnerabilities in encryption algorithms used by SSLv3, this vulnerability is viable and can be exploited by an attacker without jumping over too many obstacles or requiring large resources – the POODLE vulnerability is real.


Blindly confirming XXE

XXE vulnerabilities are increasingly being discovered as attack vectors for web applications that use XML to transfer data between clients and servers. Although they have been around for many years, we still see them quite often in our penetration tests. Since they can lead to disclosure of sensitive files on your system as well as denial-of-service attacks, in this blog entry we decided to take a closer look at how XXE vulnerabilities can be discovered and validated.