Whitepapers and Security Advisories
Collection of whitepapers and security advisories written by Encripto.
Documents published here follow a Creative Commons Attribution ShareAlike 3.0 license.
User guide for Encripto’s Blue Team Training Toolkit version 2.8.
16.07.16 - SteelCon 2016 - Improving Computer Network Defense Analysis Training with Adversary Replication Techniques
25.11.15 - NISK 2015 - Improving Computer Network Defense Analysis Training With Adversary Replication Techniques (ISSN: 1894-7735)
Encripto discovered three important vulnerabilities in Netgear ProSafe firewalls. The vulnerabilities could allow an unauthenticated attacker to gain access to a company’s network.
Encripto discovered that Inteno ICE-CLIENT is vulnerable to web directory traversal. The vulnerability could be exploited directly with a web browser, and it could allow unauthenticated attackers to retrieve sensitive files from the device where ICE-CLIENT is running.
Encripto discovered that Inteno DG301 is vulnerable to command injection. The vulnerability could be exploited from the login form available at the web administration interface, and it could allow unauthenticated attackers to execute arbitrary commands with root privileges.
According to the vendor, Netgear ProSafe is a cost-effective line of smart switches for Small and Medium Businesses (SMBs). The products cover an essential set of network features and easy-to-use web-based management. Power over Ethernet (PoE) and Stacking versions are also available.
A range of ProSafe switches are affected by two different vulnerabilities:
CVE-2013-4775: Unauthenticated startup-config disclosure.
CVE-2013-4776: Denial of Service vulnerability.