It’s not uncommon for me to find unsafe YAML deserialization while reviewing Ruby on Rails applications. For those who aren’t familiar with the dangers of arbitrary YAML deserialization, the short of it is that deserializing YAML can lead to code
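As an added illustration of the mechanism behind that warning (this is constructed example code for this page, not code from the linked post or from any application it reviewed), the block below defines a hypothetical `ReportTemplate` class and feeds it a constructed YAML document that carries a `!ruby/object` tag. Psych honours that tag, allocates the class and runs its `init_with` hook on attacker-supplied data, which is exactly the primitive that chains into code execution when a real gadget class is reachable. `safe_load` refuses the tag outright. The Psych version check is an assumption: older Psych did the unsafe thing on plain `YAML.load`, Psych 4+ moved it to `unsafe_load`.

```ruby
require 'yaml'

# Hypothetical application class. Psych calls init_with (when defined) while
# reviving a !ruby/object node, so whatever this method does runs on untrusted input.
class ReportTemplate
  attr_reader :command, :restored

  def init_with(coder)
    @command  = coder['command']   # attacker-controlled value from the document
    @restored = true               # evidence that the hook executed during load
  end
end

# Constructed attacker-controlled document: the tag names the class to instantiate.
UNTRUSTED_YAML = <<~YAML
  --- !ruby/object:ReportTemplate
  command: "id > /tmp/pwned"
YAML

# Unsafe path. Assumption: Psych < 4 exposed this behaviour on YAML.load,
# Psych >= 4 only on YAML.unsafe_load, so pick whichever this runtime has.
def load_unsafely(doc)
  method = YAML.respond_to?(:unsafe_load) ? :unsafe_load : :load
  YAML.public_send(method, doc)
end

# Hardened path: safe_load permits only basic scalar/collection types unless
# classes are explicitly allow-listed, so the tagged node is rejected.
def load_safely(doc)
  YAML.safe_load(doc)
rescue Psych::DisallowedClass => e
  e
end

if __FILE__ == $PROGRAM_NAME
  obj = load_unsafely(UNTRUSTED_YAML)
  puts "unsafe load built a #{obj.class}, init_with ran: #{obj.restored.inspect}, command: #{obj.command.inspect}"
  puts "safe load result: #{load_safely(UNTRUSTED_YAML).class}"
end
```

The point a reviewer looks for in a Rails code base is therefore any `YAML.load` / `YAML.unsafe_load` (or `Psych.load`) whose input can be influenced by a user, including values pulled back out of cookies, databases or message queues; replacing it with `safe_load` and an explicit `permitted_classes:` list is the fix.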
While performing a code review of the GitLab open source codebase, I found a pervasive open redirect vulnerability affecting project pages. The Project Application controller defines a before_action filter named . This filter attempts to detect and remove the git
While performing a network penetration test for one of our clients at GDS, I came across a BlackBerry Workspaces (formerly WatchDox) Server. These servers can be deployed on customer networks and function as stand-alone appliances. According to BlackBerry: BlackBerry(R) Workspaces
I recently published a post on the GDS blog about performing code reviews on Ethereum smart contracts. In the post, I demonstrate using a tool I open sourced named the Solidity Function Profiler. You can find the post here.
Static analyzers are good at detecting certain types of security vulnerabilities. However, one place that static analysis often falls short is in the detection of authorization bugs. This is because authorization tends to be a “business logic” problem. How would
So this just happened. It’s late, but before heading to bed I wanted to quickly write up a technical analysis of this one because it’s quite short. One of the quickest ways to understand a vulnerability is to look at its
Back in April of 2017, the Golem Project published a blog post about the discovery of a security bug affecting some exchanges such as Poloniex. According to the post, when certain exchanges processed transactions of ERC20 tokens, input validation was not
If you’re looking to get your feet wet in Ethereum or test out a new contract that you’re developing, you may choose to run your own private network. This can be done rather than using one of Ethereum’s public testnets.
By now, you may have read this story about someone having $8,000 worth of Bitcoin stolen due to a social engineering attack on their Verizon account. This was an unfortunate event and an urgent reminder that SMS-based 2FA isn’t secure.
I just published some research I did with Gotham Digital Science on the recent Struts vulnerability, CVE-2017-5638. You can find that (rather long) post here, full of in-depth code review and an additional, lesser known attack vector: An Analysis of