Categories
Allgemein

How to carry out successful penetration test?

Penetration testing became de-facto standardized service that companies either use or plan to use as integral component of security operations. However, many companies still struggle with the same challenges. What shall we test? How to adequately scope the penetration testing project? How to utilize penetration testing in order to measurably improve security in long run? […]

Categories
Security Research

CANdy – automated CAN bus message mapping framework

Check out CANdy demo When I was offered to write a bachelor thesis on the topic of CAN bus message mapping, I had no idea how crucial and fascinating such an area actually is and I would like to share with you what I learned and created during the past six months. First thing first, […]

Categories
Security Research

[CVE-2020-15779] Path Traversal in Socket.io-file NPM module

Title: Path Traversal in Socket.io-file NPM moduleDate: 18/05/2020CVE-ID: 2020-15779Advisory: https://www.npmjs.com/advisories/1519Author: Thomas SermpinisVersions: <= 2.0.31Package URL: https://www.npmjs.com/package/socket.io-fileTested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0Proof of Concept: https://www.exploit-db.com/exploits/48713 During one of my penetration tests for a local military equipment supplier, I faced a web application running on an embedded device that used web sockets in order to […]