Leveraging web application vulnerabilities to steal NTLM hashes
Introduction
NTLM authentication is the de facto standard in corporate networks running Windows. There is a plethora of well-understood local attacks that take advantage of the way Windows performs automatic NTLM authentication, and abusing this feature is undoubtedly in the playbook of every penetration tester and red teamer. Here at Blaze Information Security, we recently spent […]
A survey on the usage of HTTP security headers in Brazil and Estonia
Introduction
In recent years, a number of security-oriented client-side controls for web browsers have appeared on the scene in the form of security headers. These headers can be used to improve the security of the user experience when interacting with a web application with little additional effort and negligible performance overhead — essentially, they can serve as […]