NetSPI Blog

Ken Johnson
February 28th, 2017

Cisco ASA Remote Code Execution – Verifying CVE-2016-1287

Remote Code Execution on Cisco ASA A year ago ExodusIntel disclosed a vulnerability affecting the IKE implementation in Cisco’s ASA products. The error is due to an overflow in the checking of reassembled IKE fragments, and allows remote code execution from an unauthenticated attacker. More information on the technical aspects of this can be found […]

Ken Johnson
February 14th, 2017

Attacking JavaScript Web Service Proxies with Burp

JavaScript Web Service Proxies are an alternative to WSDL (Web Services Description Language) files for interacting with WCF Web Services. The proxy files function as a description of the web service methods, exposing the available service methods as well as their parameters. JavaScript Service Proxies, or JSWS (JavaScript Web Services) as I will be calling […]