In this article, we will look at CVE-2014-3566, also known as the Padding Oracle On Downgraded Legacy (POODLE) vulnerability, which results from support for SSL version 3.0. This attack requires a per...

In this article, we will look into CVE-2013-2566, also known as RC4 Byte Biases. The RC4 algorithm, which is used in the TLS and SSL protocols, has many single-byte biases, making it easier for remote...

This article will examine CVE 2012-4929, also known as the CRIME vulnerability. To obtain plaintext HTTP headers, attackers with person-in-the-middle context can compare length differences between a s...

In this article, we will look at CVE-2015-0204, also known as the FREAK attack. This attack makes use of a person-in-the-middle position to allow end clients to communicate using RSA Export Keys, whic...

In this article, we will look at CVE Numbers CVE-2016–2183 and CVE-2016–6329, also known as the Sweet32 attack. The attack which involves collecting SSL traffic using legacy block ciphers via a person...

In this article, we will look at CVE Number CVE-2014-0224, also known as the CCS injection vulnerability. This vulnerability results from a flaw in certain versions of OpenSSL that allows an attacker ...

In this article, we will look at CVE Number CVE-2011-3389, also known as BEAST. BEAST, or Browser Exploit Against SSL/TLS, is a largely theoretical attack that requires a person-in-the-middle to eaves...

In this article we will look at the SSL Logjam vulnerability. This is a person-in-the-middle attack, similar to FREAK, that exposes Export Grade cipher suites. This time, Diffie-Hellman is used instea...

In this article we look at CVE Number CVE-2016-0800, also known as the DROWN vulnerability. Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) is an attack that demonstrates that even if you...

The term "Red Teaming" is frequently used in the realm of cyber security. Its meaning has evolved over time due to a variety of factors, including vendors misusing the term in marketing. As a foundati...