A Discussion on Serverless Application Vulnerabilities

August 6, 2020

The main advantage of utilizing serverless architecture, such as Amazon Web Services (AWS), is that it is a great way to build applications without having to manage the infrastructure. The provider will provision, scale, and maintain the servers to run applications, databases, and storage systems. Naturally, this offloads the risk of server-side insecurities to the…

Read

The Updated Security Pro’s Guide to MDM, MAM, and BYOD

July 30, 2020

Bring your own device (BYOD) is an accepted convention, most commonly for mobile devices, in corporate environments. Even company-owned devices are treated by employees as personal devices and are often incorporated into the environment in the same way that employee-owned devices are. Our job in information security is to ensure that the business initiatives like…

Read

Thycotic Secret Server: Offline Decryption Methodology

July 28, 2020

On offensive engagements, we frequently encounter centralized internal password managers that are used by various departments to store incredibly sensitive account information, such as Domain Admin accounts, API keys, credit card data, the works. It used to be that these systems were implemented without multi-factor authentication. “Hacking” them was as simple as finding somebody that…

Read

8 Keys to Writing Safer Code

July 9, 2020

All too often, security in code is an afterthought. There’s a reason that bug bounties are so prevalent; as codebases get larger, testing gets harder. Add in the time constraints of a “move fast and break things” mentality and it’s no wonder so many security issues arise. The basics might be there, encrypted connections, hashed…

Read

MSBuild: A Profitable Sidekick!

June 25, 2020

This blog post highlights some good techniques to use when restricted to testing an up-to-date Windows system with low-level user privileges (no local admin) through a Remote Desktop Protocol (RDP) connection. The Situation: At the start of this engagement, I faced the common task of needing to escalate privileges after acquiring low-level access to a…

Read

Abusing Windows Telemetry for Persistence

June 9, 2020

Today we’re going to talk about a persistence method that takes advantage of some of the wonderful telemetry that Microsoft has included in Windows versions for the last decade. The process outlined here affects Windows machines from 2008R2/Windows 7 through 2019/Windows 10. As of this posting, this persistence technique requires local admin rights to install…

Read

Theft From Online Shopping Carts – Past and Present

June 4, 2020

Past Circa 2007, during a penetration test, I encountered an online shopping cart that exposed a variable containing a product’s price and it allowed for manipulation to lower the cart’s total. In early 2008, research was conducted to answer the question – just how many carts are vulnerable to such a trivial hack? At the…

Read

Introducing Proxy Helper – A New WiFi Pineapple Module

May 26, 2020

I have had several occasions when I’ve been performing a pentest against an Android or iOS application, attempting to monitor the traffic with Burp Suite, only to realize that the application is not respecting my proxy settings. Now, if you have a rooted or jailbroken device, there are some ways you can force the application…

Read

Practical OAuth Abuse for Offensive Operations – Part 1

May 13, 2020

Background OAuth is an open authorization standard that facilitates unrelated servers and services working together, allowing access to their assets without sharing the initial, related, single logon credential. I have been thinking of it as a kind of Kerberos for external services, without a shared domain or forest. A familiar instance would be authentication to…

Read

Breaking Typical Windows Hardening Implementations

May 12, 2020

In this post, I will go over some hardening configurations that are typically set in Group Policy settings and ways to bypass them. It is important to remember that hardening configurations can be a whole series of different settings. For this post, I am showing only a few specific settings, meaning that if these were…

Read
  • Browse by Category

  • Clear Form