Emerging Defense
Offensive Security

Latest Posts

Basics of Embedded Devices

We perform a wide variety of embedded device assessments. While each device is unique, most tend to follow a pattern that is even more predictable in older devices. Newer medical devices and other embedded systems have become more complex, but in their roots they following basic PC principals. The exception? This PC contains many secrets hidden within and it is much hared to extract them than simply removing a hard drive.

Read More
Blast from the Past: Memory Corruption

Low-level languages and compiled applications will be around forever, the performance and efficiency compared to high-level “safer” language is still unrivaled. As a result, vulnerabilities stemming from memory corruption are around to stay. Once you understand the basics, you will come to appreciate the sophistication and the complexity involved in preventing memory management bugs and why they will exist forever.

Read More
Download a Public Website via Git Errors

If developers clone directly into the webroot during push of an application or website, meta-data left behind by Git repo management can be abused to download all of the application’s source code files. These types of issues can be identified by browsing to particular pages. If these pages return any information at all, its likely that your application can and has been downloaded in the past.

Read More
Device Backup Jepordizes App Data

All mobile device’s include data backup capabilities.  In most cases two forms of backup exist local and cloud based. Local backups are performed when mobile devices are connected to home PCs over USB and cloud based backups occur continuously on the mobile device using Wi-Fi or Cellular connections. Backup solutions store all kinds of sensitive data completely unknown to the mobile applications that may own it. As a result,  sensitive data is essentially replicated to devices out of the control of the application or organization (BYOD). Regardless of whether an application’s data is encrypted or unencrypted at rest, it is all backed up. This includes all data stored within apps, emails, and attachments.

Read More
Jason Miller