Leviathan Security Group - Penetration Testing, Security Assessment, Risk Advisory
Application Security, Network Security Cody Martin 4/16/24

WebSockets and Meteor: Attacking Meteor Applications with eighthundredfeet

A starting point for a comprehensive pen test on any application written using the Meteor framework. In addition to exploiting some of the framework’s inherent vulnerabilities, it contains a set of classes that can help script a variety of attacks.

Application Security Cody Martin 4/9/24

WebSockets and Meteor: A Penetration Tester’s Guide to Meteor

This post introduces Meteor, a JavaScript framework that makes heavy use of WebSockets, and describes its attack surface and vulnerabilities. 

Application Security, Network Security Cody Martin 3/26/24

WebSockets and Meteor: Introduction to WebSockets for Penetration Testers

Most penetration testers know that common web security tools have limited support for WebSocket, but the differences between HTTP and WebSocket run much deeper than that. A successful penetration test on a WebSocket app requires a conceptual understanding of the protocol’s design.

Application Security Dylan Katz 11/3/22

Attacking Go's Lagged Fibonacci Generator

Application Security Guest User 4/1/19

Client-Side Authorization

“Don’t use client-side authorization” is a well-known security rule. Or at least it should be. I went looking for a canonical reference for it, and could not find one, so I wrote one. Please comment if you know a better reference for this!

Application Security Guest User 6/27/18

ASLR Protection for Statically Linked Executables

We present new research that details crucial security weaknesses in Linux software that has been statically linked. We also provide a solution to temporarily resolve these security issues. Finally, we conclude by demonstrating how to have both RELRO [1] and ASLR [2] security mitigations working with statically linked executables in the ELF format.
