Lateral Damage Siege Guide

Finding ways to gain access to restricted networks or systems might sound difficult at first, but once you have the right approach, it gets easier. Red teamers and pentesters alike all have their own set of techniques and tools that help them along the way. Although there is no one unified utility or framework that does it all, there ARE easy steps to help you successfully penetrate an infrastructure..

Read more

Introduction to Snyk

Snyk can identify vulnerable packages in the image through a comprehensive vulnerability database, provide accurate insight into vulnerabilities, and monitor your image.

Read more

Chocobo Root

The Chocobo Root exploit (CVE-2016-8655) was discovered by Philip Pettersson in 2016. The bug itself was introduced to the Linux kernel in 2011 and patched in 2016. It affected a variety of Linux kernel versions and distributions. Exploit DB has C code and Metasploit module for this vulnerability. This bug allows an attacker to run arbitrary commands with administrative privileges by switching AF_PACKET socket versions or cause denial of service.

Read more

Understanding the Threat Landscape

As a SOC analyst, you'll need to understand the essentials and most important concepts of the threat landscape and also understand what a threat is and how to classify it.

Read more

Functions of the SOC

The essentials and most important activities a SOC analyst must perform inside a Security Operation Center.

Read more

Kubernetes Management Techniques

There's a lot of management approaches you can use to work in a Kubernetes cluster; you can use an imperative or a declarative style.

Read more

Intro to Wireshark

If you are a computer network or security enthusiast, you've probably heard of Wireshark. Wireshark is the world's most popular network protocol analyzer. It lets you dive into captured traffic and analyze what is going on within a network. You can use it to diagnose network issues and find network vulnerabilities.

Read more

PowerShell Basics - Part 2

This is the second part of the PowerShell Basics series, covering Execution Policies.

Read more

Voidtools Everything

Ever wish you could search your computer like you search Google? Now you can! Voidtools "Everything" is a search engine for Windows files. With Everything, you can search for Windows files and folders by their filenames or content.

Read more

Escaping Docker Privileged Containers

Privileged containers are often used when the containers need direct hardware access to complete their tasks. However, privileged docker containers can enable attackers to take over the host system. Today, let's look at how attackers can escape privileged containers.

Read more

Kubernetes Services

Kubernetes services are an abstract way to expose a container as a network service.

Read more

PowerShell Code Signing

If you are a system administrator, you might have had to run Task Scheduler jobs or delegate tasks to end-users. But have you wondered how you could run these tasks securely? How do you ensure the integrity and quality of the scripts on your system? This is where code signing can help!

Read more

Sysinternals Sysmon

Windows System Monitor (sysmon) is a kernel-level driver that allows for the selective capture and logging of detailed system actions that happen on a Windows system. This data can be used by developers to debug issues and/or by security professionals looking for suspicious activity.

Read more

How Overprivileged Processes Compromise Your System

Running processes with higher privileges than they need may lead to a significant system compromise.

Read more

Introduction to Tcpdump

Tcpdump is a command-line packet analysis tool. Much like Wireshark, you can use Tcpdump to capture and analyze packets, troubleshoot connection issues, and look for potential security issues on a network.

Read more

Tracking Process Injection

Process Monitor is a tool on Windows systems that helps you monitor for issues on your system. You can view process, registry, filesystem, and network activity in real-time.

Read more

What is Process Monitor?

Process Monitor is a tool on Windows systems that helps you monitor for issues on your system. You can view process, registry, filesystem, and network activity in real-time.

Read more

Using Shell Scripts To Automate Your Workflow

How to create and use Shell scripts

Read more

Kubernetes Introduction

Kubernetes deployment configurations are responsible for deploying containerized applications on top of the Cluster in production environments.

Read more

Installing and using the KeePassXC password manager

Do you have a single password that you use to access all of your accounts? Is your password short and easy to remember?

Read more

Wireshark's Command Line Tool: TShark

Today, let's talk about how you can use Wireshark's command-line interface, TShark, to capture and analyze network traffic.

Read more

Securing your Network Traffic with WireGuard VPN

Many VPN software packages have a bewildering array of configuration options, some of which leave subtle security holes. WireGuard was developed as a reaction to this, and aims to be simpler for users to configure.

Read more

OpenVPN Access Server

Anonymity and privacy are becoming a problem nowadays, with lots of hackers trying to steal others' identities. OpenVPN provides Virtual Private Network solutions to secure data while accessing the internet. This guidance will describe the installation process of OpenVPN Access Server.

Read more

Orchestration and Kubernetes Overview

Kubernetes is an open-source orchestration system for automating application deployment, scaling, and management of containers.

Read more

Password Spraying Attacks

Have you heard of a password brute-force attack? A brute-force attack is when attackers try to hack into a single account by guessing its password.

Read more

Intro to PHP Object Injection Vulnerabilities

PHP serialization is frequently used for storing or sending a PHP object. However, weak implementation of it may cause a severe vulnerability for the web application like remote code execution.

Read more

Hacking The Web With Fiddler

It's no secret that hackers, developers, and IT professionals like us use a lot of tools. Today, let's talk about a powerful addition to your toolkit called Fiddler! Fiddler is a free web debugging proxy for any browser and platform.

Read more

Introduction to Metasploit

Metasploit is a penetration testing framework that helps you find and exploit vulnerabilities. The Metasploit Framework is one of the most useful testing tools available to security professionals. Using Metasploit, you can access disclosed exploits for a wide variety of applications and operating systems. You can automatically scan, test, and exploit systems using code that other hackers have written.

Read more

PowerShell Basics - Part 1

This is the first part of the PowerShell Basics series covering PowerShell Objects, two most widely used Operator groups and how to use proper quotes.

Read more

Backing Up With Borg

BorgBackup, or “Borg” in short, is a backup program that supports deduplication, compression, and encryption. Borg provides an efficient and secure way of backing up your data.

Read more

PowerShell Introduction

This module is for people looking to get started with their PowerShell journey.

Read more

Privilege Escalation Via Cron

Cron is a super useful job scheduler in Unix-based operating systems. It allows users to schedule jobs that run periodically. Today, let's dive into how to use Cron and the security risks of a misconfigured Cron system!

Read more

Log Management with the Systemd Journal

Systemd adds many features to help administer system and network services running on Linux, and the journal is one of them. The systemd journal stores log messages in a central database.

Read more

Apache For Beginners

Setting up a website might be easier than you think. Using Apache is one of the simplest ways to go about it. For those not familiar with it, Apache is a web server software package available on Linux systems. It is one of the most popular web servers on the market, and for good reason. It’s free and completely open-source. But it’s also feature-rich, simple to set up, and easy to work with. Let’s delve into how to set up your website using Apache.

Read more

Backing Up With Rsync

Rsync is a widespread utility for both downloading and hosting files for remote backup.

Read more

Patching Binaries With Ghidra

Last time, we talked about how to reverse engineer a binary using Ghidra. But what if you wanted to make modifications to the binary itself? The process of making changes to a binary and modifying its instruction flow is called "patching a binary". Hackers do this to bypass built-in protections, or to make the program behave in a different way to make the exploit development process go more smoothly. And today, let's talk about how to do this directly in Ghidra!

Read more

Intro to reverse engineering with Ghidra

Reverse engineering is a process that hackers use to figure out a program's components and functionalities in order to find vulnerabilities in the program. You recover the original software design by analyzing the code or binary of the program, in order to hack it more effectively. Today, let's take a look at how to reverse engineer a single program using a piece of open-source software called Ghidra.

Read more

Visual Spoofing with Unicode

Unicode was developed to represent all of the world's languages on the computer. Early in the history of computers, characters were encoded by assigning a number to each one. This encoding system was not adequate since it did not cover many languages besides English, and it was impossible to type the majority of languages in the world.

Read more

Gathering System Information On An Ubuntu Server

Today, we'll investigate our operating system and find out what is going on with its software, hardware and network connections.

Read more

Introduction of SUDO KILLER

SUDO KILLER provides an easy and effective way to scan for Sudo bugs and misconfigurations as an unprivileged user.

Read more

Discovering The Hidden Web Using GoBuster

Gobuster provides an easy and effective way to recon remote web contents.

Read more

Stealing Port Knock Sequences for Server Access

There are a few ways that a knock sequence can potentially be leaked. The knock sequence could be accidentally published. It could also be leaked through compromised log files. Finally, it could be stolen through packet sniffing.

Read more

Writing Custom Rules for YARA

YARA provides an easy and effective way to write custom rules based on strings or byte sequences found in samples and allows you to create your own detection tools.

Read more

Finding Secrets in Git Repos with TruffleHog

It's all too easy for developers using Git to commit information that shouldn't be visible to everyone who has access to the source. This could be configuration files containing database passwords, deploy scripts including server credentials, or even the private key files for SSH or HTTPS. Removing the secret data from the current version doesn't help, because the previous version is stored in the history and is still accessible. TruffleHog is one tool which makes it easier to search through the history of a git repository to discover passwords and other secrets.

Read more

Using ProxyChains to Proxy Your Internet Traffic

ProxyChains is a common penetration testing tool for the redirection of connections through SOCKS4, SOCKS5 or HTTP proxies.

Read more

Exploiting ReDoS

Today, let's explore how attackers can exploit poorly written regex patterns to launch denial of service attacks!

Read more

Password Reuse and Lateral Movement

What are common ways for attackers to access user passwords and how you can protect yourself from those who would try to steal your credentials.

Read more

Windows Logging

Microsoft Windows has a robust logging subsystem that captures a number of system events and activities by default. It also can be used to capture other types of useful data. Event sources are grouped into log providers with unique event IDs for each event.

Read more

Scanning and Enumeration Defence with Port Knocking

Port knocking is a stealth method to externally open ports that, by default, the firewall keeps closed. The benefit is that, for a regular port scan, it may appear that the service of the port is just not available.

Read more

Microsoft Defender Advanced Threat Protection

The next generation security tools are designed to help users keep pace with modern bad guys (skilled and motivated programmers, often with large resources) while simultaneously improving privacy, security, and system integrity. These tools are powered by intelligence, insights, signals, alerts from many systems, and continuous human testing, and can integrate with trusted partner systems as well.

Read more

Diving into YarGen

Last time, we talked about how to detect malware using YARA, and how to find YARA rules to use online. But if you can't find YARA rules published online that suits your needs, you'll need to write your own rules instead!

Read more

Malware Detection Using Yara

Have you ever wondered how malware is detected? How do malware scanners work? How does Gmail know that the suspicious attachment you got was "dangerous"? After all, malware comes in all shapes and sizes, and there is no one characteristic that tells you whether a file can cause harm or not.

Read more

Linux Privilege Escalation Using Capabilities

In Linux environments a superuser can do practically anything and is not bounded by normal security checks. In other words, the superuser has a number of privileges which allow him to change the system as he pleases. Linux divides these privileges into distinct units, known as capabilities. These capabilities can be added to an executable, which will give any user running that executable the specific superuser privilege defined by the capability.

Read more

Windows Authentication with NTLM

Windows authentication is based on many security best practices although it has several weaknesses especially when it comes to legacy authentication in the form of New Technology LAN Manager (NTLM), which first debuted with Windows NT in the mid 1990's.

Read more

SSH-Audit

SSH (secure shell) is a widely-used protocol for remote administration of Unix and Linux servers. The default configuration of many SSH server implementations includes several potentially-insecure settings so as to maintain compatibility with outdated client software. The ssh-audit tool can be used to check the server settings and recommend changes so as to improve security.

Read more

Privileged Remote Code Execution in OpenSMTPD

OpenSMTPD is the mail transfer agent (e-mail server) of the OpenBSD operating system, and is also available as a 'portable' version for other Unix systems such as GNU/Linux. OpenBSD is known for having a strong focus on security features, and serious security vulnerabilities in OpenBSD are very rare - there have only been two remote holes exploitable in the default install in the project's 23-year existence. The recent CVE-2020-7247 vulnerability in OpenSMTPD, announced on the 29th of January 2020, very nearly added a third item to that list.

Read more

RangeForce Module Tutorial

On the RangeForce platform, there is an ever-growing amount of hands-on learning modules and challenges that teach you how to prepare, detect and respond to the latest cyber threats and system vulnerabilities. The best part is that it's a cloud-based, on-demand, SaaS environment which means that no complex setup or hardware is required. You access everything through your web browser so a decent internet connection is all you need.

Read more

Suricata as an IPS

Suricata is a real-time threat detection engine that helps protect your network against threats by actively monitoring network traffic and detecting malicious behavior based on written rules. It can operate in a network security monitoring (NSM) mode and can also be configured as an intrusion detection system (IDS) or intrusion prevention system (IPS).

Read more

Windows Active Directory Basics

If you have ever tried to remotely connect to another computer via SSH, RDP or many other protocols, you might have wondered why your local system account can't just automatically be trusted by the remote system and give you access. Or what if you want to share some content from your system and have to manually create local accounts for your friends on your system so they can log in? Windows Active Directory solves problems like this by providing a framework for central authentication and managing permissions.

Read more

Enumerating with Nmap

Nmap is not only the best port-scanning tool out there, but also a very good service-level enumeration tool with support for customized scripts and hundreds of publicly available scripts ready to use out of the box. This is possible through the Nmap Scripting Engine (NSE), Nmap's most powerful feature that gives its users the ability to write their own scripts and use Nmap for more than just port scanning.

Read more

HTTPS Security

Extensible Markup Language (XML) has an infamous feature called XML eXternal Entities (XXE). It is the most well-known XML attack vector and still has a high place in the OWASP Top 10 most common vulnerabilities list.

Read more

XML External Entities

Extensible Markup Language (XML) has an infamous feature called XML eXternal Entities (XXE). It is the most well-known XML attack vector and still has a high place in the OWASP Top 10 most common vulnerabilities list.

Read more

Insecure Deserialization in Java

Serialization is the process of converting an object into a data format which can later be used to restore the object. People often serialize objects in order to store or to send them as part of communications. Deserialization is the reverse of that process -- taking data structured in some format and rebuilding it into an object.

Read more

DOM-based XSS

Document Object Model-based Cross-site Scripting (DOM-based XSS) is a lesser-known form of XSS. It's different from reflected and stored XSS because the exploit happens entirely on the client-side and does not conceptually require a server-side vulnerability.

Read more

Regular Expressions

Regular expressions, or 'regex' or 'regexp' for short, are an invaluable technique that can be used in a variety of ways. They may seem intimidating at first, especially for those without a degree in computer science. With a little practice, however, they can become one of the most useful resources in a user’s toolkit.

Read more

Misconfigured PATH

An environment variable is a dynamic-named value that can affect the way running processes will behave on a computer. They are part of the environment in which a process runs. For example, a running process can query the value of the TEMP environment variable to discover a suitable location to store temporary files, or the HOME or USERPROFILE variable to find the directory structure owned by the user running the process.

Read more

Network Discovery With Nmap

Nmap, also known as network mapper, is a free and open-source security tool widely known for its powerful network discovery, enumeration and security auditing abilities. Network administrators use Nmap to establish a network map and get more information about what's going on inside the network - which hosts are online, what ports are open, which services are offered, and more.

Read more

Privilege Escalation Using the Docker/LXD groups

Docker and LXD are both software platforms for building applications in small and lightweight environments called containers, which are isolated from other processes, operating system resources and the kernel. Some Docker/LXD features require the daemon to be run with super-user privileges - features like port binding, mounting filesystems etc.

Read more

Nikto

Attacking a website is not a straightforward process where you start randomly typing and suddenly have access to the system. Before exploiting a vulnerability, you have to actually find the vulnerability. The first part of attacking a system is information gathering. There are a lot of excellent tools out there for information gathering like Maltego or Nmap. Even a simple Google search can give you lots of useful information. After compiling a list of targets to focus on, you can start scanning those targets for vulnerabilities that can potentially be exploited. This is where Nikto comes in.

Read more

Docker RunC Container Escape

Docker containers allow developers to package their application with all of their dependencies and components in a single place. That way, their applications will run quickly and reliably in many different computing environments. On the surface, Docker containers can seem safe, as they isolate an application and its dependencies into a self-contained unit. The truth is that nothing is entirely secure. That goes for Docker as well.

Read more

Network Defense and Monitoring With Suricata

Suricata is a real-time threat detection engine. It helps protect networks against threats by actively monitoring traffic and detecting malicious behavior based on written rules. It can operate in a network security monitoring (NSM) mode and can also be configured as an intrusion prevention system (IPS) or intrusion detection system (IDS). The Suricata project is free and open-source, and stands out from alternatives such as Snort, Zeek or Sagan, with its native support for multi-threading, HTTP/TLS logging and other useful features. It is a great addition to your network defense solutions, whether the goal is to protect a business or home network.

Read more

Linux privilege escalation using Wildcard Injection

Wildcards are symbols which represent other characters. You can use them with any command such as the cat or rm commands to list or remove files matching a given criteria. There are others, but the one that is important to us right now is the * character, which matches any number of characters.

Read more

Linux privilege Escalation using the SUID Bit

The SUID bit is a flag on a file which states that whoever runs the file will have the privileges of the owner of the file. So, if you are student and the file is owned by root, then when you run that executable, the code runs with the permissions of the root user. The SUID bit only works on Linux ELF executables, meaning it does nothing if it's set on a Bash shell script, a Python script file, etc.

Read more

Dirty Cow

Kernel exploitation is becoming much more popular among exploit writers and attackers. Playing with the heart of the operating system can be a dangerous game. Kernel exploits require both art and science to achieve. Every OS has its quirks and so every exploit must be molded to fully exploit its target. This blog covers just one of these exploits, whimsically entitled Dirty Cow.

Read more

Docker Basics

Docker is a software platform that's used for building applications in small, lightweight execution environments called containers. Containers are isolated from other processes, operating system resources and kernels. They are assigned resources that no other process can access, and they cannot access any resources not explicitly assigned to them. The concept of containerization has been around for some time, but practical applications were few and far between. Then came, Docker, an open source project launched in 2013, that helped to popularize the technology. Originally built for Linux OS, Docker became a multi-platform solution, broadening its applicability and catalyzing the microservices-based approach in development which has been widely embraced over the past several years.

Read more

ModSecurity Filter Evasion and Better Configuration

ModSecurity is a rule-based Web Application Firewall (WAF) which is most commonly deployed to provide protections against generic classes of vulnerabilities using the OWASP ModSecurity Core Rule Set (CRS). However, if instead of OWASP CRS the default (weaker) ruleset is used, then it can be circumvented in certain cases.

Read more

API Security

Application programming interfaces (APIs) - the connecting links between services, applications and data, have become essential for enterprise developers as they allow programmers to easily integrate and reuse different external software components instead of having to develop those components themselves.

Read more

SQL Injection Isn't Going Anywhere

SQL injections might sound like a thing of the past, but in actuality it is still one of the most widely used methods of attack directed towards web applications around the world. As stated in the Akamai Media Under Assault report a staggering 69.7% of all web application attacks between January 2018 and June 2019 were SQL injections. That is a LOT considering that it was supposedly first discovered by a man by the name of Jeff "Rain Forrest Puppy" Forristal back in 1998. Yes... '98.

Read more

Blind SQL Injection

Blind SQL injection is similar to normal SQL injection, except that the HTTP responses will not contain the results of the relevant SQL query and a generic error page is shown instead. Only one bit of information (true/false) can be extracted per request -- but that is all it takes.

Read more

Meteor Blind NoSQL Injection

I recently came across a Meteor application, which had a publicly callable method 'users.count' that would return the count of users registered in the app. While this may not be significant from a threat assessment perspective, I decided to give it another look and dig a bit deeper.

Read more

Blind Command Injection

Executing a command injection attack means running a system command on someone’s server through a web application or some other exploitable application running on that server. Executing a blind command injection attack means that you are unable to see the output of the command you've run on the server.

Read more

SNMP Arbitrary Command Execution

SNMP, the Simple Network Management Protocol, which in certain communities is better known as Security Not My Problem, is a protocol to monitor and manage networked devices.

Read more

Password Cracking Countermeasures

If you set up a server, or any information system for that matter, it is important to also secure it according to best practices.

Read more

Password Cracking

Most of us are familiar with usernames and passwords, the most common tool to secure information from unauthorized access. However, not everyone is familiar with the security requirements for strong passwords and because of this, many user passwords can be easily guessed.

Read more

Breaking JSON Web Tokens

JSON Web Tokens (JWT) are commonly used to implement authentication and authorization on websites and APIs. While there are numerous cases for why you really should not use JWT in your applications, it is very common to see them all around the internet as API and session tokens.

Read more

NoSQLMap

Today we are going to take a look at NoSQLMap - a tool that is designed to find and exploit various NoSQL vulnerabilities. NoSQLMap is largely oriented towards testing MongoDB and CouchDB, but support for other NoSQL databases such as Redis and Cassandra is planned for future releases.

Read more

NoSQL Injection

The NoSQL injection vulnerability can be used by a malicious actor to access and modify sensitive data, including usernames, email addresses, password hashes and login tokens. Chained with other vulnerabilities it can lead to a full site takeover.

Read more

Wireshark Is Cool

It does not matter if you are a security engineer, a network administrator or even a cyber-criminal, tools for monitoring network traffic are the key to your success. With a detailed view of the numerous packets traversing a network, one can ascertain a lot about the security condition of that network. Network monitoring tools are also a vital resource for troubleshooting network performance problems. One very popular tool in this category is Wireshark.

Read more

The Basics of Linux File Management

Knowing how to navigate within the Linux operating system and work with files and the file system is a critical skill for DevOps engineers. Having that basic knowledge is a fundamental requirement for working effectively with any Linux-based system. If you cannot complete basic tasks, such as copying or moving files, creating directories, and viewing the contents of directories, then you will lose your bearings quickly. So, before going further into the world of Linux, the following are a few basic pointers on how to work with its file and directory structures.

Read more

The Basics of Linux Software Management

Linux, like most other operating systems, supports various types of software. Managing that software is a basic skill that all Linux users should have. Handling it using a graphical user interface is usually intuitive and self-explanatory. With instructions provided on screen, the user simply needs to follow them. Doing the same job using a command line interface is entirely different. It’s more complicated and difficult and can be daunting for Linux newcomers.

Read more

Cross Site Request Forgery

When Sir Timothy (aka Tim Berners-Lee) designed the first version ofhis new information system in 1989 (that became the Web two yearslater), it was meant for connecting various research documents viareferences. Back then, and even later when the budding Web started togrow, there was no need for tracing the reader’s progress - when a pagewas revisited, it was opened from the beginning again. To this day, themain protocol of the Web, HTTP, is a bit like a senile senior to whomhis/her children must re-introduce themselves all over every time theypay a visit.

Read more

How to change your UserAgent in Chrome or Firefox (gif!)

Every browser has a UserAgent attached to it. Any website you go to gets this information through the request headers.

Read more

Unrestricted File Upload

Here's a simple attack that may not seem as common these days, but even with sufficiently secure frameworks unknowing developers can bypass security features and produce a vulnerable application. Even large IT companies stumble sometimes. Do not let it come to you as a surprise, as there are loads of ways to attack and bypass security features.

Read more

Insecure Direct Object References

Insecure Direct Object References (also known as IDOR) happen when it’s possible to get direct access to different data objects within a web application which are exposed to users. As a result of this vulnerability it is possible for potential attackers to bypass authorization or access data like files or database records in the system directly. It can be done by modifying the value of a parameter used to directly point to an object. This is caused by the fact that the web application takes user supplied input and uses it to retrieve an object without performing authorization checks.

Read more

Cookie Security

Nowdays cookies are a vital part of browsing the internet. They are a way to keep track of your movements within a site and store data directly onto your web browser. Keeping them as secure as possible prevents bad people from hijacking your web sessions and stealing our identity.

Read more

Command Injection Basics

Executing a Command Injection attack simply means running a system command on someones server through a web application. Executing the command is of course the easy part, the hard part is finding and exploiting the vulnerable crack in the system which could be anything from an insecure form field on a web page to an open port in the network interface.

Read more

../Path-Traversal

Path Traversal is a fancy name for what is basically just accessing different directories in the URL. “Say what?” I hear you say. This is a very basic form of attack, but let’s go through it step by step.

Read more

Exploiting XSS 101

You’ve probably heard about Cross-site scripting (XSS), but nowadays it sounds like a distant memory of a problem that existed in the 90’s. In reality it’s still a very much important threat. It’s not on the top 10 list on OWASP for no reason. Need proof? Check out how XSS was used to take over admin accounts on Wix.com (with 90 million users) or how Slack was hacked. These bugs have since been fixed of course, but there are many more.

Read more