search menu icon-carat-right cmu-wordmark

CERT/CC Blog

Vulnerability Insights

Latest Posts

Cache Poisoning of Mail Handling Domains Revisited

Cache Poisoning of Mail Handling Domains Revisited

• CERT/CC Blog
Leigh Metcalf

In 2014 we investigated cache poisoning and found some in some damaging places, like mail-handling domains. It can't be assumed behaviors on the internet continue unchanged, so I wanted to repeat the measurement. I used our same passive DNS data source and the same method, but now four years later, to investigate this question....

Read More
ACM Digital Threats: Research and Practice... and Columns!

ACM Digital Threats: Research and Practice... and Columns!

• CERT/CC Blog
Leigh Metcalf

We at CERT are very proud of our collaboration with ACM to create the journal ACM Digital Threats: Research and Practice. One of the goals of the journal is to facilitate the communication between researchers and practitioners in the field of Cybersecurity. We have two columns to aid us in achieving this goal....

Read More
Announcing CERT Tapioca 2.0 for Network Traffic Analysis

Announcing CERT Tapioca 2.0 for Network Traffic Analysis

• CERT/CC Blog
Will Dormann

A few years ago, I announced the release of CERT Tapioca for MITM Analysis. This virtual machine was created for the purpose of analyzing Android applications to find apps that don't validate SSL certificates. Since the original release of Tapioca, we have received a request to make it easier to use and add some additional features. The new version of CERT Tapioca improves on the original in multiple ways in that it offers the following:...

Read More
Automatically Stealing Password Hashes with Microsoft Outlook and OLE

Automatically Stealing Password Hashes with Microsoft Outlook and OLE

• CERT/CC Blog
Will Dormann

Back in 2016, a coworker of mine was using CERT BFF, and he asked how he could turn a seemingly exploitable crash in Microsoft Office into a proof-of-concept exploit that runs calc.exe. Given Address Space Layout Randomization (ASLR) on modern Windows platforms, this isn't as easy as it used to be. One strategy to bypass ASLR that is possible in some cases is to leverage a memory leak to disclose memory addresses. Another strategy that...

Read More
The Curious Case of the Bouncy Castle BKS Passwords

The Curious Case of the Bouncy Castle BKS Passwords

• CERT/CC Blog
Will Dormann

While investigating BKS files, the path I went down led me to an interesting discovery: BKS-V1 files will accept any number of passwords to reveal information about potentially sensitive contents! In preparation for my BSidesSF talk, I've been looking at a lot of key files. One file type that caught my interest is the Bouncy Castle BKS (version 1) file format. Like password-protected PKCS12 and JKS keystore files, BKS keystore files protect their contents from...

Read More
Declaring War on Cyber Terrorism...or Something Like That

Declaring War on Cyber Terrorism...or Something Like That

• CERT/CC Blog
Leigh Metcalf

This post is co-authored by Deana Shick, Eric Hatleback and Leigh Metcalf Buzzwords are a mainstay in our field, and "cyberterrorism" currently is one of the hottest. We understand that terrorism is an idea, a tactic for actor groups to execute their own operations. Terrorists are known to operate in the physical world, mostly by spreading fear with traditional and non-traditional weaponry. As information security analysts, we also see products where "terrorists" are ranked in...

Read More
The CERT Guide to Coordinated Vulnerability Disclosure

The CERT Guide to Coordinated Vulnerability Disclosure

• CERT/CC Blog
Allen Householder

We are happy to announce the release of the CERT® Guide to Coordinated Vulnerability Disclosure (CVD). The guide provides an introduction to the key concepts, principles, and roles necessary to establish a successful CVD process. It also provides insights into how CVD can go awry and how to respond when it does so....

Read More