Want to learn HOW TO do something? This is a great place to start!
Strutting your stuff – Unauthenticated Remote Code Execution
Carrie Roberts // Unauthenticated Remote Code Execution? A hacker’s best friend. And that is what we have with CVE-2017-5638 Apache Struts with working exploit code here: https://github.com/rapid7/metasploit-framework/issues/8064 Save the exploit code to a file and execute with Python passing two command line arguments. The first command line argument is the URL to execute the attack […]
How To Fix a Missing Content-Security-Policy on a Website
Kent R. Ickler // Content-Security-Policy-What-What? Content-Security-Policy is a security header that can (and should) be included on communication from your website’s server to a client. When a user goes to your website, headers are used for the client and server to exchange information about the browsing session. This is typically all done in the background […]
Three Minutes with the HTTP TRACE Method
Brian King // All of our scanning tools tell us that we should disable the HTTP TRACE and TRACK methods. And we all think that’s because there’s something an attacker can do with it to steal secrets from legitimate users. But there’s another thing TRACE can do for an attacker, and it’s got nothing to […]
An Open Letter to Big All-Powerful Company’s Password Policy:
Kelsey// Dear Big All-Powerful Company, Your idea of a ‘strong password’ is flawed. When I first saw the following message, I laughed. I said out loud, “No, you have not seen that password before, ever; I guarantee it,” but I moved on. I thought, no big deal, I’ll add some length. And then adding length […]
How to Build a C2 Infrastructure with Digital Ocean – Part 1
Lee Kagan* // Deploying an offensive infrastructure for red teams and penetration tests can be repetitive and complicated. One of my roles on our team is to build-out and maintain the red team systems and control accesses to and from them. There’s an endless variety of what you may wish to deploy but I found […]
How to Block Ads on All Your Devices
Ethan Robish // Ads serve an important function on the internet. For many websites, ads are the main form of revenue that funds the site’s content or service. This, however, doesn’t prevent them from annoying users, taking up bandwidth, or even being malicious. They can completely hijack the page you are viewing with popups and […]
Android Dev & Penetration Testing Setup – Part 2: Installing Android Studio
Joff Thyer // Editor’s Note: This is part 2 of a 3 part series. Part 1 discussed configuring your virtual machine engine and virtual hardware emulation. Part 2 (this part) covers installing Android for the emulator, and Part 3 covers installing the drozer attack framework. After the Java installation has finished, you will need to visit […]
How To Do Endpoint Monitoring on a Shoestring Budget – Webcast Write-Up
Joff Thyer & Derek Banks Editor’s Note: This is a more in-depth write-up based on the webcast which can be watched here. As penetration testers, we often find ourselves in the position of making recommendations for “increasing visibility for endpoints” with respect to event logging. We usually feel great about this, because it is without […]
Lawrence’s List 090216
Lawrence Hoffmann // Election fraud is something I’ve mentioned here recently. The reality we must face here is that any time a digital system is used for voting there is the possibility of fraud via some form of hacking. The risks posed by digital polling are indeed something that must be addressed and mitigated where […]
