

Home office chronicles – working in a time of pandemic

It's here. It's inevitable. It's everywhere. You know what I'm talking about. The virus "He Who Must Not Be Named" has shaped our lives and habits for the past weeks (or has it been months?)

More: Blog

How to (really) add value to business with IS risk analysis

Risk analysis – very few standards and legal/regulatory requirements go without it in the information security universe. Can it be used for something else besides getting a certificate or avoiding regulatory fines?

More: Risk and compliance

DDE attacks in Microsoft Excel through web applications

While conducting one of our recent penetration tests, we came across an interesting scenario where an attacker could create a malicious Excel document and use it for various malicious purposes. We hope you will find our findings interesting!

More: Penetration testing

Assessing the risk of POODLE

One of the biggest security announcements in the last year was definitely the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability, which marked the real end of SSLv3. In contrast with many other previously identified vulnerabilities in encryption algorithms used by SSLv3, this vulnerability is viable, and can be exploited by an attacker without jumping over too many obstacles or requiring large resources – the POODLE vulnerability is real.

More: Penetration testing

Blindly confirming XXE

XXE vulnerabilities are increasingly being discovered as attack vectors for web applications which use XML to transfer data between clients and servers. Although they have been around for many years, we still see them quite often in our penetration tests. Since they can lead to disclosure of sensitive files on your system as well as denial-of-service attacks, in this blog entry we decided to take a closer look at how XXE vulnerabilities can be discovered and validated.

More: Penetration testing