Eric Gruber
VP, Services Research
Eric's academic background includes a BS and a Master's degree in Computer Science from the University of Minnesota, with a focus on networking, security, and software engineering. His professional experience encompasses work in the education, information technology, and information security sectors, where he has been involved in designing and developing software, maintaining information systems, and researching security topics.
More by Eric Gruber
Uncovering the Unseen: Real Stories of Asset Discovery
August 21, 2024
Securing your environment starts with knowing what you don’t know. Watch this webinar on-demand now for asset discovery stories from the front line.
Mastering the Art of Attack Surface Management
February 21, 2022
In this webinar, you'll learn from two of our ASM experts, Cody Chamberlain and Eric Gruber, on how to implement a human-first, continuous, risk-based approach to attack surface management.
Anonymous SQL Execution in Oracle Advanced Support
July 5, 2017
This blog post is a walkthrough of an anonymous SQL execution vulnerability I discovered in Oracle Advanced Support.
Java Deserialization Attacks with Burp
March 2, 2016
The recent Java deserialization attack that was discovered has provided a large window of opportunity for penetration testers to gain access to the underlying...
Debugging Burp Extensions
May 26, 2015
In this blog post, I'm going to walk through how we can set up debugging in Burp and our IDE when we create Burp extensions. Essentially, we are just going to be setting up Java remote debugging.
Top 10 Critical Findings of 2014 – Mobile Applications
May 11, 2015
In this blog post, I will cover high-level trends and the top 10 critical vulnerabilities we saw in 2014 during mobile application penetration tests.
Top 10 Critical Findings of 2014 – Thick Applications
April 13, 2015
Top 10 critical findings from thick application penetration tests, along with high-level trends and insights for app developers.
Decrypting WebLogic Passwords
April 6, 2015
The following blog walks through part of a recent penetration test and the decryption process for WebLogic passwords that came out of it.
Dumping Git Data from Misconfigured Web Servers
February 2, 2015
In this blog, I will be walking through ways in which a person can obtain information from a web server that has a publicly available .git directory.
Attacking Android Applications With Debuggers
January 19, 2015
In this blog, I am going to walk through how we can attach a debugger to an Android application and step through method calls by using information gained from first decompiling it.
Verifying ASLR, DEP, and SafeSEH with PowerShell
June 23, 2014
PowerShell is a great solution for this because it is a native tool and can tap into the Windows API and carve out information within files. What I’m interested in are the PE (Portable Executable) headers within compiled 32-bit and 64-bit images.
Android Root Detection Techniques
December 2, 2013
I have taken a look at a lot of Mobile Device Management (MDM) solutions lately to figure out how they are detecting rooted Android devices. In this blog, I will provide a list of packages, files, folders, and commands that I have found to be used in root detection.