
exploit

macOS Spotlight Data Leak (Vulnerability Fixed)

For a period of time, it was possible to read snippets of memory on a screen-locked macOS system from the USB port. A while back we noticed some interesting files created by macOS when inserting a USB drive. These files were related to Spotlight, macOS’s built-in search functionality which indexes and enables searching of files on the system, among other things. The presence of the files is fairly standard, as an invisible /Volumes/<Volume Name>/.


XAB Presentation @ USF Whitehatters Club

I will be giving a presentation on XAB (Cross Site Scripting Anonymous Browser) at the University of South Florida’s Whitehatters Computer Security Club’s next meeting on January 29th at 5:00PM. If you are a student at USF interested in learning about computer security, I highly encourage you to get involved with the club. See you there!


XAB – Cross Site Scripting Anonymous Browser updated and seeking help


XAB, the framework that allows one to browse the web via XSS, has been updated. This release will now accommodate all content types, thus allowing any file format to be transferred through the framework. The latest release can be found at SourceForge: [xab.sourceforge.net](https://sourceforge.net/projects/xab/). We’re seeking volunteers to help out with development. We’d like to take this from a small research project to a community-driven effort to expand the possibilities of what can be done with XSS.


XAB Presentation @ OWASP DC Chapter Meeting on 9/2

I will be giving an update on XAB (Cross Site Scripting Anonymous Browser) with Jeff Yestrumskas at the OWASP DC Chapter’s next meeting on September 2 at 6:30PM. More details can be found [here](http://www.owasp.org/index.php/Washington_DC). See you there!
