Download

This whitepaper introduces a new technique to intercept JAVA Serialized communication and modify it to perform penetration testing with almost the same ease as testing regular web applications. This technique is more efficient than the currently used methods. It will give the penetration tester the same control and power that an application developer has without most of the drawbacks that are present in the current methods used for testing applications communicating via Serialized Objects.

Download

Users of Google Gears face serious threats from attacks that could steal all their offline data and place permanent backdoors on their machines. This whitepaper introduces the readers to Google Gears and provides a detailed coverage of the various attacks that are possible. These range from stealing the victim’s MySpace and Gmail ‘inbox’s to seven different techniques for placing backdoors. References to 0days and actual implementations of Google Gears by popular sites are provided. The attacks discussed in this whitepaper can be performed using Imposter.

Download

Content running in the browser usually cannot access the local file system but there are exceptions. This whitepapers discusses a new attack by which an attacker can transfer files from the local file system of victims using Internet Explorer. Details on how this attack works and the components involved are provided. This attack can be performed using Imposter.

Download

Web Application firewalls are becoming a critical component in the Web Security space. This whitepaper discusses a new technique to be bypass Web Application Firewalls and perform SQL Injection attacks on ASP/ASP.NET applications. The technique is backed up with a vulnerability on ModSecurity.