Silent Signal Ltd.
Blog Post

New blog articles detected.

  • Notes on McAfee Security Scan Plus RCE (CVE-2017-3897)
    At the end of last month, McAfee published a fix for a remote code execution vulnerability in its Security Scan Plus software. Beyond Security, who we worked with for vulnerability coordination, published the details of the issue and our PoC exploit on their blog. While the vulnerability itself got some attention due to its frightening … Continue reading Notes on McAfee Security Scan Plus RCE (CVE-...
  • Fools of Golden Gate
    In this blog post, we once again demonstrate that excessive reliance on automated tools can hide significant risks from the eyes of defense. Meanwhile, we discuss technical details of critical vulnerabilities of Oracle Golden Gate and show another disappointing example of the security industry's approach to product quality. The Shining Some time ago during an … Continue reading Fools of Golden Gat...
  • Not so unique snowflakes
    When faced with the problem of identifying entities, most people reach for incremental IDs. Since this requires a central actor to avoid duplicates and can be easily guessed, many solutions depend on UUIDs or GUIDs (universally / globally unique identifiers). However, although being unique solves the first problem, it doesn’t necessarily cover the second. We’ll … Continue reading Not so unique sno...
  • Beyond detection: exploiting blind SQL injections with Burp Collaborator
    It’s been a steady trend that most of our pentest projects revolve around web applications and/or involve database backends. The former part is usually made much easier by Burp Suite, which has a built-in scanner capable of identifying (among others) injections regarding the latter. However, detection is only half of the work needed to be done; … Continue reading Beyond detection: exploiting blind SQL...
  • An update on MD5 poisoning
    Last year we published a proof-of-concept tool to demonstrate bypasses against security products that still rely on the obsolete MD5 cryptographic hash function. Summary: The method allows bypassing malicious executable detection and whitelists by creating two executables with colliding MD5 hashes. One of the executables (“sheep”) is harmless and can even perform some useful task … Continue readin...
