I’m going to be honest here. This article is an act of selfish documentation. I’ve probably configured NGINX as a reverse proxy a few dozen times, and there’s always something I forget in the process. I still strongly prefer it over the Apache alternative, primarily due to its vastly different configuration language (it feels more like code, which is refreshing), among other benefits. I’ll leave the rest to another article.

Since configuring NGINX itself is really quite easy (though apparently hard for me to remember), I wanted to take this opportunity to explain how a reverse proxy actually works and why you should be using one.



Bad Neighbor

Microsoft’s October Patch Tuesday was less than a week ago, and we’re already seeing a tremendous bump in related exploit activity. Researchers are predicting a surge in exploitation for CVE-2020-16898, a possible RCE entry point involving improperly handled ICMPv6 Router Advertisements. This vulnerability, now being called Bad Neighbor, affects the Windows TCP/IP stack in many versions of Windows 10 and Windows Server 2019.

Exploiting this vulnerability could be as simple as sending a carefully crafted packet to a target machine, so representatives from Microsoft are advising anyone running an affected version to patch immediately.

Election Security

A new plot line for the vulnerability we just can’t stop talking about, ZeroLogon, is currently unfolding in our nation’s election support systems. The FBI and CISA have recently published a joint advisory warning about the vulnerability’s prevalence in election infrastructure. The agencies warn that APT groups are using this vulnerability to gain access to some of the nation’s most critical election systems. …



Transcript

Today we’re going to dive into a few interesting vulnerabilities coming from everyone’s favorite punching bag — Microsoft.

A researcher at Black Hat Asia 2020 revealed a vulnerability in BitLocker that allows a user to bypass Windows’ full disk encryption. It does so by exploiting a weakness in how BitLocker handles sleep mode in some edge cases. A video released by the researcher shows the vulnerability being exploited using a tool they developed called bitleaker.



Imagine you’re a thief (you can be the Robin Hood type if that helps) going into a business, looking for loot. You scour the storefront, and find nothing. You see a doorway to some stairs, and decide to see if you can go one floor down. You make it down one flight and check the knob — click click. It’s locked. You go down another flight, same deal. You keep moving down and checking knobs until, finally, you find an open door. Inside this room is the heart of the business — the money vault, the business’s files, etc…

This is what directory/path traversal feels like as a pentester. It’s like taking the stairs to a directory you’re not supposed to have access to. I’ve had a number of clients that simply didn’t care that this was a vulnerability in their application. What’s the harm? Someone can view some files we don’t care about? Well, yes. This vulnerability can lead to some pretty nasty consequences when combined with other attacks. Let’s dive in. …


With the 2020 election(s) just around the corner, it’s getting harder to ignore the rhetoric, the ad waves, and the conspiracies. I remember when our opinions were not so dependent on our social media echo chambers. I remember when I could still be friends with people across the political aisle. It’s not that I don’t want to be now, it’s that the political climate over the past 4 years has become so polarizing that hating the other team has become a prerequisite for either party. The other guys are evil, they want to destroy this country. …



I feel like I’ve been writing just long enough to have figured out what works for me, and what really, really doesn’t. I write primarily technical articles dealing with programming and security — you know, really exciting stuff. Writing tech articles is such a weird balancing act that can so easily fall flat, making you sound either dull or uneducated on the subject. I'm going to talk about some of my own observations, and the many ways I’ve discovered that one can fail.

Research all the things

I rarely go into an article without either real-world experience or hours of research. Often, it’s both. I don’t care if I’ve worked with this technology for 2, 5, or 10 years — I’m going to research everything before I start writing, and keep it up while I’m writing. Maybe it’s my own insecurity, but I’m just not comfortable stating anything as the gospel truth without checking the facts first. …



I’m sure you’ve heard of XSS (Cross-Site Scripting) if you’ve ever been within earshot of a security engineer. As part of the OWASP Top 10, it tends to pop up a lot in security discussions. Unfortunately, the standard explanation (“code injected into a webpage to make it do stuff”) doesn’t really help red or blue teams execute or protect against it.

A Better Explanation

Basically, XSS can occur when a user is allowed to provide input that will be used by the application in some way to alter a view in the interface, without properly sanitizing the user-supplied input. For instance, when you search for a product in an online store and see the search term appear at the top of the results, or in the page title. …


As one of the most historically prominent vulnerabilities out there, SQL injections have likely caused millions (if not billions) of dollars worth of damages to thousands of companies over the last 20 years. The vulnerability was first documented in 1998 by Phrack contributor and security researcher Jeff Forristal. The internet never recovered.


So what is it?

To understand what a SQL Injection Attack is, we need to have a brief primer on how User Interfaces typically communicate with the backend or database:



You had a great idea that is somehow also making money, and you’ve decided to bootstrap it into a full-fledged company. Congrats, you have a startup. In today’s market, it seems like we are all being pushed to build, grow, and sell — over and over and over. It seems like there’s no time to think about anything else. If you’re not developing something that will directly contribute to the product’s success, it seems like a waste of time.

This is the mindset of today’s startup founder. It’s the mindset of many CTOs and engineers pushing development forward without best practices being met, because “we can reiterate later”. The hard truth is that “later” rarely ever comes. This is how bad operational security practices and, in the case of software companies, vulnerable code gets baked into an otherwise great product. …



I’m sure we’re all familiar with DRY programming principles. Don’t Repeat Yourself. Though I try my best to follow this when I’m developing an application, I feel like I’ve wasted countless hours on the same initial steps every time I start a project.

It seems like the first day is spent on setting up the directory structure I’ll use, looking up the same libraries every single time to make sure I initialize them properly, and writing the same CSS boilerplate over and over. If you did this a hundred times, you would have wasted a solid month of your life just setting things up. …

About

Andrew Long

Security Engineer, Software Dev, and Tech Writer. I write a lot of tutorials and educational pieces, as well as the occasional opinion piece.
