
Eric Gruber

Director, Attack Surface Management

Eric Gruber serves as the Director of Attack Surface Management at NetSPI, where he is responsible for overseeing the platform's research and technical direction, expanding its security capabilities, and managing the operations team that performs continuous testing within it. With over a decade of experience at NetSPI, Eric is a recognized expert in network, web application, thick application, and mobile penetration testing, and he actively contributes to the development of applications and scripts for the company's penetration testing team.

Eric's academic background includes a BS and a Master's degree in Computer Science from the University of Minnesota, with a focus on networking, security, and software engineering. His professional experience encompasses work in the education, information technology, and information security sectors, where he has been involved in designing and developing software, maintaining information systems, and researching security topics.

More by Eric Gruber

Videos & Livestreams

Mastering the Art of Attack Surface Management

In this webinar, you'll learn from two of our ASM experts, Cody Chamberlain and Eric Gruber, on how to implement a human-first, continuous, risk-based approach to attack surface management.

Web Application Pentesting

Anonymous SQL Execution in Oracle Advanced Support

This blog post is a walkthrough of an anonymous SQL execution vulnerability I discovered in Oracle Advanced Support.

Web Application Pentesting

Java Deserialization Attacks with Burp

The recent Java deserialization attack that was discovered has provided a large window of opportunity for penetration testers to gain access to the underlying...

Web Application Pentesting

Debugging Burp Extensions

In this blog post, I'm going to walk through how we can set up debugging in Burp and our IDE when we create Burp extensions. Essentially, we are just going to be setting up Java remote debugging.

Mobile Application Pentesting

Top 10 Critical Findings of 2014 – Mobile Applications

In this blog post I will cover high-level trends and the top 10 critical vulnerabilities we saw in 2014 during mobile application penetration tests.

Thick Application Pentesting

Top 10 Critical Findings of 2014 – Thick Applications

Top 10 critical findings from thick application penetration tests, along with high-level trends and insights for app developers.

Web Application Pentesting

Decrypting WebLogic Passwords

The following blog walks through part of a recent penetration test and the decryption process for WebLogic passwords that came out of it.

Network Pentesting

Dumping Git Data from Misconfigured Web Servers

In this blog, I will be walking through ways in which a person can obtain information from a web server that has a publicly available .git directory.

Mobile Application Pentesting

Attacking Android Applications With Debuggers

In this blog, I am going to walk through how we can attach a debugger to an Android application and step through method calls by using information gained from first decompiling it.

Network Pentesting

Verifying ASLR, DEP, and SafeSEH with PowerShell

PowerShell is a great solution for this because it is a native tool and can tap into the Windows API and carve out information within files. What I’m interested in are the PE (Portable Executable) headers within compiled 32-bit and 64-bit images.

Mobile Application Pentesting

Android Root Detection Techniques

I have taken a look at a lot of Mobile Device Management (MDM) solutions lately to figure out how they are detecting rooted Android devices. In this blog, I will provide a list of packages, files, folders, and commands that I have found to be used in root detection.

Mobile Application Pentesting

Bypassing AirWatch Root Restriction

Mobile devices are becoming more common in corporate environments. As a result, mobile device management (MDM) solutions have cropped up so that employers can remotely manage and wipe devices if necessary, along with setting certain requirements that employees must comply with.
