We aim to prevent threats and manage technological risk by ensuring compliance with international standards and best information security practices.
Unlike conventional penetration testing services, we leverage our own botnet to perform security tests. This enables us to expand the attack surface and discover security flaws faster while keeping highly competitive prices. This methodology is useful to bypass different kinds of IP blocking measures like brute force protection, API rate limiting based on IP or WAF based IP blacklisting.
An attack node is where all our connections to the target server are generated. Support nodes were created to provide passive detection.
Our penetration testers manage the botnet coordinating the analysis, creating specific tasks and assess each attack result.
This process occurs simultaneously with the other three and documents all findings at the same time that they are detected, preventing of wasting time at the end of the penetration testing analysis.
The scheme "mailto" is vulnerable if one takes as default mail client to GroupWise, the fault is to implement the scheme followed by an extensive argument and this causes the buffer overflow. This brings the consequence that can overwrite the EIP and is able to execute arbitrary code. The result with a debbuger us what reveals.
It was found two ways to cause a denial of service on the Microsoft Office Publisher, this is done by creating a malformed file with specific characteristics.
The bug is caused when an user tries to open a url with a invalid char, in this time, you can edit the error page, and make a "spoof". This not would be important because when you make the spoof the "invalid web" is loading all time, but as firefox allow that you call the "stop" method of other page you can stop this.