GS07-02 RSA Keon Multiple Cross-Site Scripting Vulnerabilities

The RSA Keon Registration Authority web interface has multiple cross-site scripting vulnerabilities. An attacker could use these vulnerabilities to manipulate registration information and to carry out phishing and other client-side attacks.

GamaSEC Security Advisory : GS07-02


GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass Vulnerability

Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. By sending encoded HTTP traffic to a vulnerable content scanning system, an attacker may be able to bypass the content scanning system.

GamaSEC Security Advisory : GS07-01


Fatih ÖZAVCI, a GamaTEAM member, presented the "Free Softwares for Security Auditing" seminar at the "VI. Linux and Free Software Festival". The seminar discussed security audit processes and the role of free software in them.

Presentation (Turkish) :


Fatih ÖZAVCI, a GamaTEAM member, presented the "Discovering a Security Vulnerability" seminar at "Sacis Expo 2007". The seminar discussed types of security vulnerabilities, their level of impact and techniques for discovering them.

Presentation (Turkish) :


The Internet, Local Network and Application Audit services provided by GamaSEC Information Security Auditing and Consultancy Services have detected similar security vulnerabilities in many corporations. The most common security vulnerabilities detected during 2006 have been assessed and published in a report, which covers the audited business sectors, the extent of auditing, detailed descriptions of the detected security vulnerabilities, suggested solutions and references.

Security Audits Conclusion Report (2006)


Fatih ÖZAVCI, a GamaTEAM member, presented the "IPS Security and Vulnerability" seminar at the "Information Security Group (Bilgiguvenligi.org) - September 2006" meeting. The seminar gave a comparative discussion of the vulnerabilities of Intrusion Prevention Systems, the weaknesses of their architecture and advanced bypass techniques.

Presentation (Turkish) :


Fatih ÖZAVCI, a GamaTEAM member, presented the "Exploit Development Frameworks" seminar at "Sacis Expo 2006". The seminar analyzed the need for exploits, exploit development processes and development requirements, and gave a comparative discussion of exploit development frameworks.

Presentation (Turkish) :

