Technical Advisories

Technical Advisories

Technical advisories discovered by Info-Assure..

Learn more
Articles

Articles

Security related articles produced by our security consultants..

Learn more
Tools

Tools

Tools to assist with penetration testing, forensics and incident response created by our security consultants..

Learn more

Latest AdvisoriesRead all advisories

15th August 2016

HP StoreFabric B-Series Switch – Privilege Escalation

Daniel Compton of Info-Assure Ltd discovered a security vulnerability within the operating system of ...

Read the advisory
16th July 2015

Sophos Web Security Appliance – Two Vulnerabilities Discovered

Daniel Compton of Info-Assure Ltd discovered two security vulnerabilities within the Sophos Security Web Appliance. These security vulnerabilities allow authenticated users to read files from the operating system of the device and inject arbitrary JavaScript using the GUI management interface.

Read the advisory
14th July 2015

Splunk Enterprise – Stored Cross-Site Scripting Vulnerability

Daniel Compton of Info-Assure Ltd discovered a security vulnerability within the Splunk Enterprise product. This security vulnerability in Splunk Enterprise and Splunk Light allows remote authenticated users to inject arbitrary JavaScript.

Read the advisory
27th February 2015

X-Cart Store – Stored Cross-Site Scripting Vulnerability

Daniel Compton of Info-Assure Ltd discovered a high risk security vulnerability within the X-Cart 5.x shopping cart for WordPress.

Read the advisory

Latest ArticlesRead all articles

19th September 2016

Info-Assure Presents at 44Con Security Conference

Info-Assure principal consultant Daniel Compton presented at the 44CON security conference last week. His talk covered new research into VLAN Hopping, which included live demonstrations and a new tool to assist with testing.

Read the article
15th August 2016

Ransomware – Mitigating Against the Evolving Threat

This paper provides a high level overview of ransomware and some guidelines on how to protect against the threat of this particular type of malware. Ransomware is constantly evolving as malware writers identify more effective methods of infection and exploitation...

Read the article
28th July 2016

SysMon Logger

Info-Assure have released a three component system (SysMon Logger) that allows organisations to have a network wide view of all of the Sysmon data provided by their Windows hosts. This presentation outlines the system design, implementation and functionality provided by SysMon Logger.

Read the article

AutoRun Logger

Info-Assure have released a three component system (AutoRun Logger) that allows organisations to have a network wide view of all of the autorun data provided by their Windows hosts. This presentation outlines the system design, implementation and functionality provided by AutoRun Logger.

Read the article

Latest ToolsBrowse all tools

Surface Auditor

Security auditing script for UEFI settings on Microsoft Surface Pro 3 tablet devices.

Office File Info

Speeds up analysis of newer MS Office docs. Uses officedissector library, dumps macros, embedded objects, etc.

dumpntds

Speeds up the extraction of password hashes from ntds.dit files. For use with the ntdsxtract project or the dshash script.

SysMon Logger

A three component system (SysMon Logger) that allows organisations to have a network-wide view of all of the SysMon data provided by their Windows hosts