Default Cipher Suites in Windows Server
While testing the latest version of IIS Crypto, we researched all of the cipher suites for each operating system. Unfortunately there is little up-to-date documentation on the default cipher suites…
Stream Securely: Simply and Privately Preserving Live Video Evidence
Cell phone video has been a major game changer for society. While most cell videos are just for fun, some have also been critical as evidence to document acts of…
Authentication bypass on Uber’s Single Sign-On via subdomain takeover
TL;DR: Uber was vulnerable to subdomain takeover on saostatic.uber.com via Amazon CloudFront CDN. Moreover, Uber’s recently deployed Single Sign-On (SSO) system at auth.uber.com, which is based on shared cookies between…
IIS Crypto 2.0 Released!
We are happy to announce that IIS Crypto 2.0 has been released! This new version is a complete rewrite and has a brand new interface. Some new features include creating…
Dispelling Decentralization Doubts
Recently at the 36th CCC, Moxie Marlinspike gave a talk titled “the ecosystem is moving” defending his choice to centralize Signal, claiming decentralized systems are unable to adapt and succeed…
Exploiting a Windows 10 PagedPool off-by-one overflow (WCTF 2018)
During the weekend of 6-8th of July, our CTF team – Dragon Sector – played in an invite-only competition called WCTF, held in Beijing. The other participants were top-tier groups from around…
New SSL/TLS Attack – FREAK
A new SSL/TLS vulnerability dubbed “FREAK” was recently discovered. Originally it was thought that only OpenSSL was vulnerable; however, Microsoft just issued an advisory (3046015) describing the affected versions of Windows. The…