• 10 posts

CVE-2022-21587(Oracle E-Business Suite RCE): Could RASP or ADR Have Prevented It? And How?

Last week, I saw this post ( discussing the exploitation of an unpatched Oracle vulnerability. The unnamed federal agency took over two weeks to apply the available patch šŸ˜œ. When I read the post, I was like: Is RASP or

Runtime SCA and ADRs: Focusing On What Matters

Vulnerabilities are everywhere and here to stay. Defects can exist in source code or third-party and open-source software. However, not all vulnerabilities pose the same threat, and code that is exploitable in one context may not be exploitable in another. Focusing on what matters is crucial for remediation and prioritization,

Profiling Libraries With eBPF: Detecting Zero-Day Exploits and Backdoors

In this blog post, I will discuss how one can use eBPF for runtime application security to detect library profile deviations. More specifically we will use stack traces to observeĀ what libraries/functions are active in the stack when a system call is issued. Stack traces are very valuable signals

Smashing Runtime Application Self-Protection (RASP)

In this post, we will explore why RASP, or Runtime Application Self-Protection, is not always effective in protecting your Java applications and can be bypassed. Introduction Open source security has long been problematic, yet many organizations continue to overlook its importance. Existing sandboxing solutions such as seccomp and LSMs (SELinux,

How ADRs solve the the last mile problem of application security

Few companies are starting to pave the way for Application and Detection Response (ADR) including Oligo Security, RevealSecurity and Miggo Security. You may find yourself quickly lost in understanding what these solutions aim to tackle. First, each of these solutions likely focuses on what they do best. For example, Oligo

Unpacking the Apache ActiveMQ Exploit (CVE-2023-46604)

Pre-reading Requirements In this post, I assume you have a basic background in software and cybersecurity engineering. However, even if you're not highly technical, don't worry, I will ensure that you can grasp and understand the intricacies of the vulnerability and the exploit, as well as

Privacy Concerns and Potential Attacks in LLMs

Large Language Models (LLMs), exemplified by OpenAIā€™s GPT-4 and Metaā€™s LLaMA, continue to impress us with their capabilities, which have surpassed expectations from just a few years ago. Recently, the research community has shifted its focus towards the optimal and efficient usage of resources. Concepts like the Mixture

Feedback-based Application Security Testing (FAST)

DAST and black-box approaches are methods used to test the security of an application by analyzing its behavior in response to inputs without having knowledge of the applicationā€™s internal structure or the code being executed. These approaches rely on generating inputs through methods such as brute force and randomness,

Runtime Application Self Protection (RASP)

Traditional security measures, including firewalls, intrusion detection systems and AVs aim to prevent malicious activities by identifying and blocking known threats before they can cause harm. These security measures frequently employ signature-based detection methods, complemented by heuristic, machine learning and behavior analysis techniques. RASP (in short for Runtime Application Self