TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak
We discovered a fundamental design problem in VPNs and we're calling it TunnelVision. This problem lets someone see what you're doing online, even if you think you're safely using a VPN.
Encoding Bitwise Functions as Polynomials
Use polynomials to represent Boolean functions, see how they can be solved using generic math, analyze the properties of the representation, and use them to construct an arithmetic logic unit (ALU).
When You Have No Bars
A major network update failure led to a massive cellphone service outage across the US, impacting thousands and disrupting essential services. Despite cellular networks’ redundancy, the incident highlighted vulnerabilities in communication infrastructure when multiple base stations fail simultaneously.
WebSockets and Meteor: Attacking Meteor Applications with eighthundredfeet
A starting point for a comprehensive pen test on any application written using the Meteor framework. In addition to exploiting some of the framework’s inherent vulnerabilities, it contains a set of classes that can help script a variety of attacks.
WebSockets and Meteor: A Penetration Tester’s Guide to Meteor
This post introduces Meteor, a JavaScript framework that makes heavy use of WebSockets, and describes its attack surface and vulnerabilities.
WebSockets and Meteor: Introduction to WebSockets for Penetration Testers
Most penetration testers know that common web security tools have limited support for WebSocket, but the differences between HTTP and WebSocket run much deeper than that. A successful penetration test on a WebSocket app requires a conceptual understanding of the protocol’s design.