Blog Posts

Finding Android SSL Vulnerabilities with CERT Tapioca

Hey, it's Will. In my last blog post, I mentioned the release of CERT Tapioca, an MITM testing appliance. CERT Tapioca has a range of uses....

Read More

September 2, 2014 • By Will Dormann

In CERT/CC Vulnerabilities

Announcing CERT Tapioca for MITM Analysis

Hi folks, it's Will. Recently I have been investigating man-in-the-middle (MITM) techniques for analyzing network traffic generated by an application....

Read More

August 20, 2014 • By Will Dormann

In CERT/CC Vulnerabilities

Bundled Software and Attack Surface

Hi, it's Will. We are all probably annoyed by software that bundles other applications that we didn't ask for....

Read More

July 6, 2014 • By Will Dormann

In CERT/CC Vulnerabilities

Heartbleed: Q&A

...

Read More

May 11, 2014 • By Will Dormann

In Secure Development

Taking Control of Linux Exploit Mitigations

Hey, it's Will. In my last two blog entries, I looked at aspects of two exploit mitigations (NX and ASLR) on the Linux platform....

Read More

February 16, 2014 • By Will Dormann

In CERT/CC Vulnerabilities

Differences Between ASLR on Windows and Linux

Hi folks, it's Will again. In my last blog entry, I discussed a behavior of NX on the Linux platform. Given that NX (or DEP as it's known on the …

Read More

February 9, 2014 • By Will Dormann

In CERT/CC Vulnerabilities

Feeling Insecure? Blame Your Parent!

Hey, it's Will. I was recently working on a proof of concept (PoC) exploit using nothing but the CERT BFF on Linux....

Read More

February 2, 2014 • By Will Dormann

In CERT/CC Vulnerabilities

Hacking the CERT FOE

Hey folks, it's Will. Every now and then I encounter an app that doesn't play well with FOE. You don't have to throw your hands up in defeat, though....

Read More

November 25, 2013 • By Will Dormann

In CERT/CC Vulnerabilities

BFF 2.7 on OS X Mavericks

Hi folks, it's Will. Apple has released OS X Mavericks. Because BFF 2.7 was released before Mavericks, BFF doesn't work right out of the box....

Read More

October 22, 2013 • By Will Dormann

In CERT/CC Vulnerabilities

Vulnerabilities and Attack Vectors

Hi, this is Will Dormann of the CERT Vulnerability Analysis team. One of the responsibilities of a vulnerability analyst is to investigate the attack vectors for potential vulnerabilities....

Read More

September 30, 2013 • By Will Dormann

In CERT/CC Vulnerabilities