
Blog Posts
Finding Android SSL Vulnerabilities with CERT Tapioca
Hey, it's Will. In my last blog post, I mentioned the release of CERT Tapioca, an MITM testing appliance. CERT Tapioca has a range of uses....
• By Will Dormann
In CERT/CC Vulnerabilities
Announcing CERT Tapioca for MITM Analysis
Hi folks, it's Will. Recently I have been investigating man-in-the-middle (MITM) techniques for analyzing network traffic generated by an application....
• By Will Dormann
In CERT/CC Vulnerabilities
Bundled Software and Attack Surface
Hi, it's Will. We are all probably annoyed by software that bundles other applications that we didn't ask for....
• By Will Dormann
In CERT/CC Vulnerabilities
Heartbleed: Q&A
This blog posting presents questions asked by audience members during the Heartbleed webinar and the answers developed by our researchers.
• By Will Dormann
In Secure Development
Taking Control of Linux Exploit Mitigations
Hey, it's Will. In my last two blog entries, I looked at aspects of two exploit mitigations (NX and ASLR) on the Linux platform....
• By Will Dormann
In CERT/CC Vulnerabilities
Differences Between ASLR on Windows and Linux
Hi folks, it's Will again. In my last blog entry, I discussed a behavior of NX on the Linux platform. Given that NX (or DEP as it's known on the …
• By Will Dormann
In CERT/CC Vulnerabilities
Feeling Insecure? Blame Your Parent!
Hey, it's Will. I was recently working on a proof of concept (PoC) exploit using nothing but the CERT BFF on Linux....
• By Will Dormann
In CERT/CC Vulnerabilities
Hacking the CERT FOE
Hey folks, it's Will. Every now and then I encounter an app that doesn't play well with FOE. You don't have to throw your hands up in defeat, though....
• By Will Dormann
In CERT/CC Vulnerabilities
BFF 2.7 on OS X Mavericks
Hi folks, it's Will. Apple has released OS X Mavericks. Because BFF 2.7 was released before Mavericks, BFF doesn't work right out of the box....
• By Will Dormann
In CERT/CC Vulnerabilities
Vulnerabilities and Attack Vectors
Hi, this is Will Dormann of the CERT Vulnerability Analysis team. One of the responsibilities of a vulnerability analyst is to investigate the attack vectors for potential vulnerabilities....
• By Will Dormann
In CERT/CC Vulnerabilities
Get updates on our latest work.
Sign up to have the latest post sent to your inbox weekly.