Security Blog

Is there a right time for a cybersecurity assessment?
Q&A with Eric Rochette, SVP of Global Services

Eric RochetteEric has been with GoSecure for over 15 years and has helped build the Advisory Services team in addition to creating its cybersecurity assessment methodology. In this blog, we asked Eric several questions to help provide more insights around cybersecurity assessments and when organizations should seriously consider performing one. As you will see, Eric is very passionate about the value assessments offer organizations in improving their security risk and maturity.

read more

Step-by-step how to deanonymize emails on LinkedIn

Step-by-step how to deanonymize emails on LinkedInWe have previously talked about LinkedIn having an endpoint for Outlook profile cards. This endpoint is receiving email addresses as input and returns the complete profile information (name, company, location, etc.). These sorts of APIs can be abused for OSINT.

To reproduce the set-by-step tutorial your will need an Outlook account (@hotmail.com, @live.com or outlook.com email), the latest version of ZAP and our WebSocket plugin.

read more

Aurelia Framework Insecure Default Allows XSS

Aurelia Framework Insecure Default Allows XSSAurelia is one of many JavaScript frameworks available for front-end developers. Although nowadays, it is not as popular as Angular or React, its user base is not negligible: It has more than 11,000 stars and over a hundred contributors on its GitHub page. However, if you are one of its users, you need to be aware of its insecure default HTML sanitizer: relying solely on it to filter malicious input may leave you vulnerable to Cross Site Scripting (XSS) attacks.

read more

Creating A Custom View for WebSocket in ZAP

Creating A Custom View for WebSocket in ZAPWhen we were looking at the interactions between the Outlook and the LinkedIn APIs, we encountered WebSocket communications that used some additional encoding. The encoding was nothing too complex, but it was uncommon. It turned out to be LZip compression. However, the inability to read the content of the requests with Burp, ZAP or Web developer consoles in real-time made it difficult to analyze the API.

read more

Deanonymizing LinkedIn Users

Deanonymizing LinkedIn UsersIn this blog post, we will look at the privacy issues with some of LinkedIn’s external APIs. We will demonstrate how it is possible, with an email address, to find its associated LinkedIn profile. It is also possible from a LinkedIn profile to do the reverse path and find a person’s email address. To execute this deanonymization attack, documented features, like LinkedIn’s integration with Outlook and YahooMail, are used.

read more

Categories

Titan Managed Detection & Response
Next-Generation Antivirus
Endpoint Detection & Response
Network Detection & Response
Inbox Detection & Response
Insider Threat Detection & Response
Managed Firewall
Managed SIEM
Vulnerability Management as a Service
GoSecure Titan
Titan Software
Email Security
Web Security
ResponderPRO Forensics Toolkit
Advisory Services
Breach Readiness Services
Cybersecurity Assessment
Security Compromise Assessment
Ethical Hacking
Incident Response & Forensics
Compliance & Audit
3rd Party Technology

Pin It on Pinterest