Blog

Android Mobile Application, Runtime Mischief

Introduction 7 Elements conduct a large number of mobile application penetration tests as part of our security consulting services. An area of interest amongst our customers is our ability to bypass root detection, local application logic and access sensitive objects which are encrypted at rest. What will this blog cover? This blog will cover attacking […]

Chasing another SQL Injection

Firstly, what is SQL injection? SQL injection occurs where user-controlled data is converted into an SQL statement and is executed by the web application’s database server. What is the threat? A successful SQL injection attack can lead to the insertion, modification or deletion of database data. SQL injection-based attacks can also aid in […]

ADM Industry Leadership Group

7 Elements CEO appointed by the Aerospace, Defence and Marine (ADM) Industry Leadership Group David Stubley, CEO at 7 Elements, a key player in the Scottish information security industry, has been appointed as a new member of the Aerospace, Defence and Marine (ADM) Industry Leadership Group (ILG). The group has expanded its remit to cover Cyber Security as […]

CVE-2015-2342 – Remote Code Execution within VMware vCenter

CVE-2015-2342 – Remote Code Execution within VMware vCenter – ‘All your base are belong to us’ Introduction At the beginning of the year 7 Elements identified an unreported vulnerability within VMware’s vCenter product. The vulnerability provided SYSTEM level access to the hosting server and led to a full compromise of the environment. Due to the […]

Keeping cool in a crisis – Incident Response

Back in January 2015, SC Magazine published my article on keeping cool in a crisis. With the ever-increasing portfolio of breached organisations, maybe it is time to revisit that advice again? Cyber-Attacks In today’s world it is inevitable that organisations will suffer cyber-attacks. When an organisation is attacked their incident management procedures will be key in sustaining […]

Cryptic message of the day

MjAxNS0wNy0yM1QwMDowMTowMCswMTowMCAweDM3CTB4NDUgCTB4NWYgCTB4 MzUgCTB4NTkJMHg1MgkweDUzCTB4NWYJMHg0ZgkweDRjCTB4NDQJMHg1Zgkw eDU0CTB4NGYJMHg0NAkweDQxCTB4NTk=

OpenSSL Vulnerability Notice, Patch Now!

On the 24th of June 2015, Adam Langley and David Benjamin (Google/BoringSSL) reported a vulnerability that allows attackers to cause specific checks on untrusted certificates to be bypassed. By bypassing checking of the CA (certificate authority) flag, attackers could use a valid leaf certificate to act as a CA and clients would “validate” an invalid […]

Securi-Tay IV, a field trip

7 Elements are pleased to convey our experiences of the Securi-Tay fourth annual security conference at Abertay University. With a graduate and senior tester attending, we split up to combine our efforts to hear as many talks as possible. We have written an overview of a subset of the great talks we heard, in no […]

BitTorrent Distributed Denial of Service

We recently worked with a client that had suffered a denial of service on one of their websites. They wondered if we could tell them what had happened and how to stop it from happening again. So, time to start digging through logs to work out what was going on. It turned out that the attack […]

No! Not Casper, not that friendly GHOST!

Last year (2014) we saw a couple of big exploits that made the headlines and security teams all around the world are still picking up the pieces left by Heartbleed and ShellShock. So where are we this year? We are not even 10% into the new year and already contenders are popping up trying to make their name. The […]
