Cyber Solutions

by mrahier96

The meaning of Domain Fronting

The purpose of this article is to talk about Domain Fronting. We will therefore focus on the “Host” header field.

1. The HTTP “Host” header, the art of Virtual Hosting

The Host request header specifies the host and port number of the server to which the request is being sent.

In our previous example (“Host: mydomain.xyz”), the host is “mydomain.xyz” and the port is either 80 (HTTP) or 443 (HTTPS). The port is usually implicitly enforced by the URL scheme (http:// or https://).

However, there is a difference between the host in the URL, and the Host header in the message request. In fact, the URL (http://mydomain.xyz/) tells your browser and computer to send the HTTP packets to the IP associated with mydomain.xyz, on port TCP/443……..


by mrahier96

What is the purpose of the Common Vulnerabilities and Exposures (CVE) system from a security perspective?

Context and objective of the blog post

In the Intrusion and Application Security team (called IAS for the rest of the post), we have discovered and published vulnerabilities found in commercial products almost every year since 2015. This process is done with the Common Vulnerabilities and Exposures (CVE) system.

With time, we faced different kinds of issues as well as misunderstandings in the publishing process. Therefore, we decided to create a blog post, in the form of a FAQ, to:

  1. Provide a better understanding of the CVE system.
  2. Play MythBusters with some CVE-related myths.
  3. Be transparent and precise about the way we handle a vulnerability that we identify in software (web, mobile, desktop…).

💡 The content of this post is based on our experience and on the responsible disclosure process that we follow, with the previous help of the Excellium Services’ CSIRT.

🌎 This process is public.

by mrahier96

A CSIRT perspective on most frequent attacks

Adversaries are constantly looking for new victims to make profits, and companies are well-suited targets (read: with deep pockets). This year, CERT-XLM dealt with 15 incidents per month on average, and guess what the most common kinds of attack observed were? – drumroll – Business Email Compromise (BEC) and Ransomware, again.
