Our published works

Introduction

Over the years, we have published technical papers, security tools and advisories to share our insights with the security community and to help the public in general better understand their security exposure.

Advisories

Papers

  • Surf Jacking “HTTPS will not save you”: Attackers exploiting this vulnerability are able to hijack an HTTP session even when the victim and the attacker’s connection is encrypted using SSL or TLS.
  • The Extended HTML Form Attack Revisited: A generic security flaw which affects various web browsers such as Internet Explorer, Opera and Safari. This vulnerability allows attackers to launch Cross Site Scripting attacks by making use of non-HTTP protocols.

Open source and Free Tools

Articles

  • Storming SIP Security: An article published in the 02/08 issue of Hakin9, covering why IP phone systems are the new target, how VoIP systems can be broken into or simply abused for toll fraud, and what you can do to prevent this.
  • When best intentions go wrong: The Debian OpenSSL vulnerability and how it affects the solutions that we (security professionals) recommend. Published in (IN)Secure Magazine.
  • Closing a can of worms: Tackling the assumption that network traffic cannot be intercepted or modified during transit. Published in (IN)Secure Magazine.
  • How security can hurt us: Spending more on security does not necessarily mean more security. Published in (IN)Secure Magazine.

Notable blog posts

Conference presentations

  • Kamailio World 2016 - 9 Years Of Friendly Scanning And Vicious SIP (video)
  • HackPra 2013 - Webapp Exploit Payloads tools built for & during the job (video)
  • Bsides London 2012 - Escalating privileges on common webapps (video)
  • Hack in the Box Malaysia 2011 - VoIP Security workshop: Attacking CUCM
  • IIT’s RTC Conference and Expo 2011 - Practical Fraud Attacks on VoIP Systems
  • SECURE 2011 Poland - Attacks on VoIP (Workshop)
  • AstriCon 2010 Washington DC - Just how vulnerable is your VoIP system?
  • Hackcon Norway 2010
  • Hackito Ergo Sum France 2010 - Attacking VoIP; attacks and the attackers
  • Troopers 2009 - The Truth about Web Application Firewalls (video)
  • Shakacon 2009 - Web Application Firewalls: What the vendors do not want you to know
  • OWASP Europe 2009 - Web Application Firewalls
  • Ph-neutral 2009 - Web Application Firewalls
  • BruCON Belgium 2009 - VoIP pentesting workshop
  • Hack.lu Luxembourg 2009 - VoIP pentesting workshop
  • CONFidence Krakow 2009 - Scanning the Intertubes for VOIP (pdf)
  • SEC-T Sweden 2009 - Scanning the Intertubes for VOIP (video)