Westpoint at BSides Manchester 2015
A few weeks ago a number of Westpoint staff attended the excellent BSides Manchester conference. It was great fun as usual and a chance to catch up with some old friends.
I gave a presentation on Low-level TLS hacking which was recorded and is now available on the BSides Manchester YouTube channel along with many others. You can view the video below, and the slides are available.
The pytls library and the TLS prober tool used to fingerprint SSL/TLS servers can be found in the Westpoint repositories on GitHub.
Understanding the Heartbleed Proof of Concept
Unless you've been on a desert island all week, you've probably heard about a major vulnerability in OpenSSL called Heartbleed (or more prosaically CVE-2014-0160). The issue has received a huge amount of coverage in the news, and for once was actually a serious enough issue to justify all the hype. This post breaks apart the proof of concept exploit to explain in detail how it works.
XML External Entities, Attack and Defence
XML is used widely in many different areas of computing. It's been wildly successful especially compared to its more complex sibling SGML. Most people think of XML as just a bunch of tags and some text, which is normally a perfectly reasonable way to regard it. Unfortunately when you're working with XML data that originates from an untrusted source there are some gotchas waiting to bite you.
What Does Equality Mean?
Comparing two URLs for equality doesn't sound like a complicated problem, but there is actually more to it than you would expect. This post shows how this simple task can lead to some surprising behaviour.