The following issues were discovered by MDSec consultants:
- CVE-2018-7572: Pulse Secure Client Authentication Bypass
- CVE-2018-8007: Apache CouchDB Remote Code Execution
- CVE-2017-9866: Thycotic Secret Safe Spreadsheet Formula Injection
- CVE-2017-10927: Sophos Web Appliance PPD Injection
- MDS20161003-01 – Multiple Vulnerabilities in Motorola Scout
- MDS20151208-01 – Protected Mode: A Case of When No Means Yes
- MDS20151127-01 – SQL Injection in the Samsung Voice Framework
- MDS20151008-01 – Multiple Vulnerabilities in SED Systems’ Decimator D3
- CVE-2011-0204: Apple ImageIO TIFF Heap Overflow
- CVE-2011-1931: FFmpeg Out of Array Write in AMV Parsing
- CVE-2011-0194: Apple ImageIO TIFF Image Integer Overflow
- CVE-2010-1845: Apple ImageIO PSD Image Memory Corruption
iOS Application (In)Security: This whitepaper details some of the vulnerabilities identified by MDSec over the past year whilst performing regular iOS application reviews.
Practical Attacks Against Encrypted VoIP Communications: This whitepaper details a number of attacks that can be leveraged to deduce spoken phrases in encrypted VoIP traffic. The whitepaper presents a case study on Skype.
OAP: A framework for automating Oracle database penetration tests (Release pending).
iAuditor binary release: A semi-automated framework for penetration testing iOS applications.
iAuditor source code: The GitHub-hosted source repository for iAuditor.
SkypeGrep source code: The GitHub-hosted source repository for SkypeGrep.
Heartbleed Exploit: An exploit for the Heartbleed vulnerability.
LyncSniper: A tool for penetration testing Skype for Business.
Evaluating iOS Applications: OWASP, PricewaterhouseCoopers, Manchester
iOS Application (In)Security: OWASP, Google, Dublin
Beyond the OWASP Top Ten: OWASP, Google, Dublin
Practical Attacks Against Encrypted VoIP Communications: HackInTheBox Conference, Kuala Lumpur, Malaysia
Heartbleed: 44Cafe, London, UK
Breaking Secure Mobile Applications: BSidesMCR, Manchester, UK
Breaking Secure Mobile Applications: HackInTheBox, Kuala Lumpur, Malaysia
Hacking Adventures in GSM: 44Con, London, UK
Breaking and Entering: BSidesMCR, Manchester, UK
An Anatomy of IoT Security: OWASPMcr, Manchester, UK