InfoSec


Using Iodine for DNS Tunneling C2 to Bypass Egress Filtering

Intro: Security-conscious organizations will often restrict the types of traffic allowed out of their networks. Protocols or ports deemed unnecessary for the majority of the organization’s users will simply be blocked, with whitelists established for the few users who may have a business need [...]

August 12th, 2019 | Categories: InfoSec, IT Security News | 0 Comments

Basic ROP Techniques and Tricks

Intro: During assessments, we’ll occasionally run across custom binaries. Since most modern binaries include mitigations such as a non-executable stack (NX) and run on systems employing Address Space Layout Randomization (ASLR), knowledge of modern exploit development techniques that can defeat mitigations is useful in evaluating the security of these binaries. [...]

July 18th, 2019 | Categories: InfoSec | 0 Comments

CVE-2019-7629: RCE in an Open Source MUD Client

A few weeks ago I took the Corelan Advanced class and when I came back, I started poking at some open source projects that I personally use. It was a great exercise and I ultimately ended up with my first CVE. I was a little disappointed I [...]

February 18th, 2019 | Categories: InfoSec, Vulnerabilities | 0 Comments

Bypassing WAFs with JSON Unicode Escape Sequences

This blog post will discuss how I was able to find a blind SQL injection, analyze a WAF, find a JSON Unicode escape bypass, and then automate the bypass by writing a sqlmap tamper script. Sections: SQLi Identification, WAF Analysis, Bypass Identification, Tamper Script. SQLi Identification: The particular payload that [...]

December 20th, 2018 | Categories: InfoSec, Vulnerabilities | 0 Comments

HoneyPi – An easy honeypot for a Raspberry Pi

It is astonishingly easy as an attacker to move around on most networks undetected. Let's face it, unless your organization is big enough to have full packet capture with some expensive IDS, you will likely have no idea if there is an attacker on your [...]

August 22nd, 2017 | Categories: InfoSec | 24 Comments

What is DLL Hijacking?

DLL Hijacking is a way for attackers to execute unexpected code on your machine. This means that if an attacker can get a file on your machine (by social engineering, remote control, etc.), that file could be executed when the user runs an application that is vulnerable to DLL Hijacking. To understand how it works, you [...]

October 19th, 2016 | Categories: InfoSec | 0 Comments

Referer Redirection and Its Inconspicuous Danger

Recently I noticed some peculiar behavior on a web application. I observed that in certain situations, the webpage would openly redirect to the ‘Referer’ header defined in the request. In this particular instance, the web application required some data from the user to perform that page’s function. When that data was not present, [...]

August 23rd, 2016 | Categories: InfoSec, Vulnerabilities | 0 Comments

Cross-Site Request Forgery Cheat Sheet

The Cross-Site Request Forgery (CSRF) Cheat Sheet is a flowchart that is designed to cover the common scenarios that an experienced application penetration tester would test for in CSRF testing. It should be most useful for newer penetration testers who don't have a comprehensive understanding of CSRF testing, although it should [...]

April 3rd, 2016 | Categories: InfoSec | 4 Comments

Can’t Hack a Hacker: Reverse Engineering a Discovered ATM Skimmer

Background: When traveling, Elizabeth and I are always a little bit extra cautious; we hide money in special belts, we carry emergency cards in 3 separate places, we never withdraw more than $100 from the ATM. One precaution Elizabeth always takes is covering [...]

March 31st, 2016 | Categories: InfoSec | 65 Comments