Our blog
This is a new release of our tool designed to assess TLS clients security (certificates validation, protocols and ciphers support): v0.8.1.
The corresponding packages for various Ubuntu versions are prepared in ppa:gremwell/qsslcaudit. Packaging for Kali is handled by Kali maintainers.
The single…
February 25, 2020 | by pavel
During a recent engagement, we tried to enumerate email accounts by abusing previously reported user enumeration issue affecting Office 365, but found out it no longer works.
In the past, sending authentication requests to ActiveSync with Basic HTTP authentication mechanism would return different…
February 18, 2020 | by quentin
This is a new release of our tool designed to assess TLS clients security (certificates validation, protocols and ciphers support): v0.6.0.
The single huge feature added: support of assessing DTLS clients.
DTLS is an implementation of TLS protocols for UDP protocol. There are two versions available…
July 4, 2019 | by pavel
The following post will cover some techniques to test Meteor applications with Burp Suite. This can also be applied to other protocols that run over WebSockets.
To test this yourself, the example Meteor application “Todos” can be downloaded here.
Test Fallback to XHR
Meteor applications use…
June 15, 2019 | by sean
We are looking for a penetration tester again. The business has been growing steadily and we need more people.
We will prefer somebody from Belgium or EU, but will consider applications from other countries also. We are located in Brussels, Belgium. The job is full time, mostly on customer sites…
May 22, 2019 | by alla
Our tool designed to assess TLS clients security (certificates validation, protocols and ciphers support) got several updates and achieved version v0.4.0.
TLS clients are now analyzed more precisely, summary table is now colored, few bugs were fixed.
Give it a try. Github's issue tracker is at your…
April 26, 2019 | by pavel
In this post I'll describe how I used hardware hacking techniques to get more information about the device and dump its internal storage. If you missed the introductory post you can find it here Man-in-the-conference room - Part I (Introduction). Let's start right away !
If we remove the two…
April 23, 2019 | by quentin
Back in 2017 a small device appeared on my desk. A wireless presentation device that one of our customers wanted to deploy on its premises, but not before we had audited it first.
The idea behind those devices is pretty simple: instead of running from meetings to meetings with HDMI and VGA cables…
April 23, 2019 | by quentin
Pavel has released go-jtagenum. This project is a port of JTAGenum and JTAGualtor to the Golang. It is supposed to be used under Linux (or any OS which Go supports) on the device with GPIO lines exported to userspace. Raspberry Pi 1,2,3 is the most famous example.
go-jtagenum repo is here
March 18, 2019 | by alla
Contacts
+32 (0) 2 215 53 58
Gremwell BVBA
Sint-Katherinastraat 24
1742 Ternat
Belgium
VAT: BE 0821.897.133.