9 RESULTS IN TAG "hack":

Finding subdomains for open source intelligence and pentest

Many of us work in security consulting, bug bounties or network intelligence, and now and then need to find subdomains. The requirement can come from either side of the table: a consultant assessing a client's internet presence, or a company validating its own digital footprint. In more than a decade I have seen it happen so many times that people are not aware of which old assets they are still running, and those assets can then be exploited to damage either the brand image or the actual networks. These assets can also be used as a proxy...

Wake up call. Apache Struts is being exploited

Disclaimer: This is a tale of incident response for a vulnerability dated March 2017 that had not been patched on the server, and someone exploited it naively. It was at night that I received the message: "We have been hacked". As with most hacks, people tend to overreact (or sometimes underreact), and the first message carries the least amount of information. It started a chain of events, and forensics to identify what happened and how. Around 23:00h a trigger fired: some packet was knocking on the firewall port to go out of the internal...

Jump Air-gap, Low Level C&C

The threat landscape is very dynamic, and new threat vectors exploit vulnerabilities for fun and profit. The whitehat security community is in a race against time with its counterparts, and companies are frequently becoming targets of spear phishing, APTs and bots. Some sectors, such as finance, insurance and defense, have strong regulations to protect the perimeter. But these same sectors often have people working on modern laptops with various radio adapters, Wi-Fi and Bluetooth among them. The focus of this article is to demonstrate how to send data without connecting to any network, therefore making it tough...

DDoS, it's time to turn your toasters off

Most of you are already aware that half of the internet went down (or slowed to a crawl) when a 'bad-hackers' group weaponized 'millions of insecure IoT devices' to attack a DNS provider. Judging from my own browsing habits, I was mostly affected by Twitter becoming dramatically slow, while other sites felt a little sluggish. Anyway, this brings us to a number of questions. Should I be surprised? I think not. We knew this sh*t was coming. It's high time to check and restrict the internet connectivity of your refrigerator, TV and lights. Is there a silver bullet to beat this? I...

The infamous issue of target _blank code

This is one of those vulnerabilities that hasn't had enough of the spotlight, and therefore vendors are still reluctant to fix it; some vendors do not consider it a vulnerability at all. In this blog post I would like to highlight the issue and possible workaround(s). What is target="_blank"? If you have written HTML you will know target="_blank" from writing links with href. As per the definition[1], the target attribute specifies where to open the linked document. The issue arises when it tells...
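The workaround the post promises is worth showing as a check you can run over your own templates. This is an added Python example, not code from the post: it assumes the well-known behaviour behind this issue, namely that a page opened via target="_blank" receives a window.opener reference to the linking page and can redirect that tab by setting window.opener.location, and that rel="noopener" (or rel="noreferrer", which also drops the Referer header and covers older browsers) severs that reference. The HTML below is constructed sample input.

```python
"""Audit and harden target="_blank" anchors that still expose window.opener.

A link opened with target="_blank" hands the new page a window.opener
reference to the page that linked to it; the opened page can then set
window.opener.location and send the original tab to a look-alike site.
Adding rel="noopener" (and rel="noreferrer" for older browsers) closes
that hole. The sample HTML at the bottom is constructed for this example.
"""
import html as html_mod
from html.parser import HTMLParser

REL_SAFE = {"noopener", "noreferrer"}  # either token is sufficient


class BlankLinkAuditor(HTMLParser):
    """Collect every <a target="_blank"> that lacks noopener/noreferrer."""

    def __init__(self):
        super().__init__()
        self.unsafe = []  # (raw start tag text, attribute list) per offender

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        lowered = {k.lower(): (v or "") for k, v in attrs}
        # Attribute values keep their case; "_BLANK" is still a new tab.
        if lowered.get("target", "").lower() != "_blank":
            return
        rel_tokens = set(lowered.get("rel", "").lower().split())
        if not rel_tokens & REL_SAFE:
            self.unsafe.append((self.get_starttag_text(), attrs))


def audit_blank_links(html):
    """Return the hrefs of new-tab links that still leak window.opener."""
    parser = BlankLinkAuditor()
    parser.feed(html)
    parser.close()
    return [dict(attrs).get("href", "") for _raw, attrs in parser.unsafe]


def _rebuild_anchor(attrs):
    """Re-emit an <a> start tag with rel extended by noopener noreferrer."""
    parts = []
    rel_seen = False
    for name, value in attrs:
        value = value or ""
        if name == "rel":  # attribute names arrive lower-cased from the parser
            rel_seen = True
            tokens = value.split()
            present = {t.lower() for t in tokens}
            tokens += [t for t in ("noopener", "noreferrer") if t not in present]
            value = " ".join(tokens)
        parts.append(f'{name}="{html_mod.escape(value, quote=True)}"')
    if not rel_seen:
        parts.append('rel="noopener noreferrer"')
    return "<a " + " ".join(parts) + ">"


def harden_blank_links(html):
    """Rewrite each unsafe anchor in place; meant for templates, not arbitrary HTML."""
    parser = BlankLinkAuditor()
    parser.feed(html)
    parser.close()
    for raw, attrs in parser.unsafe:
        html = html.replace(raw, _rebuild_anchor(attrs))
    return html


# Constructed sample: two offenders (the second hides behind rel="nofollow"),
# one already-safe link and one same-tab link that must be left alone.
SAMPLE_HTML = """<p>
<a href="https://example.com/partner" target="_blank">partner</a>
<a href="https://example.com/docs" target="_blank" rel="noopener">docs</a>
<a href="https://example.com/ref" target="_BLANK" rel="nofollow">ref</a>
<a href="/local">same tab</a>
</p>"""

if __name__ == "__main__":
    print("unsafe:", audit_blank_links(SAMPLE_HTML))
    print(harden_blank_links(SAMPLE_HTML))
```

Run it against a rendered page or template directory and fix everything audit_blank_links reports; if the site also relies on the Referer header being present, use noopener alone rather than the noreferrer pair.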

Linux Issue with TCP ACK (Part 1)

A flaw in the Linux kernel's TCP implementation[1], present since late 2012, allows adversaries to inject malicious traffic into a connection without being in a man-in-the-middle position. In a Wednesday presentation at the USENIX Security Symposium, researchers showed that the flaw lies in the Transmission Control Protocol (TCP) code used by Linux since late 2012. In their paper, Off-Path TCP Exploits: Global Rate Limit Considered Dangerous, the researchers document use cases and attack scenarios showing how this global rate limit can be exploited to perform connection-drop and/or injection attacks. With so much buzz in the world, I will attempt to cover some network 101/201 basics on...

Lessons from LinkedIn DB Breach

We are aware that the social networking site LinkedIn was breached in June 2012 and nearly 6 million user credentials were stolen. In May 2016 it was confirmed that 115+ million credentials had in fact been stolen and are now available for sale. So it's time we revisit what went wrong and what we can learn from it. First and foremost, there was at least one vulnerability in the web application: the way it queried the DB was not well implemented, which means the adversary would have found a way to dump the data from its DB. [Application Development] When the data was being...
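The lesson about a badly implemented query deserves a concrete illustration. This is an added Python example, not code from the post and not a reconstruction of LinkedIn's application: it seeds an in-memory SQLite table with constructed sample rows and shows a credential lookup built by string concatenation beside its parameterised form, with a classic tautology payload that dumps the whole table from the vulnerable version and nothing from the safe one.

```python
"""Credential lookup by string concatenation versus a parameterised query.

Shows the class of defect the post alludes to (a query whose structure the
user controls) and why binding parameters closes it. Uses an in-memory
SQLite database; the rows below are constructed placeholders, not real data.
"""
import sqlite3

SAMPLE_USERS = [  # constructed sample rows; the hash column is just a placeholder string
    ("alice", "hash-alice"),
    ("bob", "hash-bob"),
    ("carol", "hash-carol"),
]


def make_db():
    """Create and seed an in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_hash_vulnerable(conn, username):
    """Builds the statement by concatenation, so user input is parsed as SQL."""
    sql = "SELECT username, pw_hash FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_hash_safe(conn, username):
    """Binds the value as a parameter; it can never change the statement's shape."""
    sql = "SELECT username, pw_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Classic always-true payload: closes the quoted literal and ORs in a tautology.
PAYLOAD = "x' OR '1'='1"


def demo():
    """Return how many rows each variant hands back for the payload, plus a legitimate lookup."""
    conn = make_db()
    return {
        "vulnerable_rows": len(lookup_hash_vulnerable(conn, PAYLOAD)),
        "safe_rows": len(lookup_hash_safe(conn, PAYLOAD)),
        "legit": lookup_hash_safe(conn, "alice"),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable variant returns every row, i.e. the complete credential table, for a single crafted username; the parameterised variant returns nothing, because the payload is compared as an ordinary string against the username column.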

NIST view on Cyber Threat Information Sharing

Reference: SP 800-150 Draft Document. Note: This article summarizes the draft paper and may contain snippet(s) from it. I love you, NIST (National Institute of Standards and Technology). I admire the contribution and knowledge available at NIST, and we have all gained a lot from these standards. When I read the draft on "Cyber Threat Information Sharing" (SP 800-150), my first reaction was: oh good God, finally it's here! I have been waiting for this for so long. I have been evangelizing the need for collaboration, the dire necessity to join hands and the value of being together as one...