…and abusing localStorage, again!
I would like to share a story about one of my latest exploits, and how it turned out to be both fun and interesting.
As I cannot disclose details about the product I was testing, I will have to abstract things and use generic examples, so you won't find a working exploit against any specific target here.
What I want to focus on is how to combine XSS techniques into a chained exploit, and how to prove impact while doing so.
There are some concepts to keep in mind when doing e-mail forensics, or when managing e-mail messaging systems.
E-mail is still the main communication vector today, whether for simple notices and greetings, business contracts or payments. It follows that it is also the main attack vector for malicious actors.
We are at a point in time where the tendency is to look for sophisticated protection solutions, from next-gen endpoint AV, anti-spam, ATP, IPS and sandboxes to the more imaginative custom rules and approaches.
While all of the above are powerful and useful, we need to remember that e-mail has been around for quite some time and has evolved greatly since. …
…and the bad habits of companies…
While many are riding the current wave, enforcing extremely complex policies and excessively frequent password changes, I am now embracing a simpler, looser approach: passwords should be easy!
I am not the first to talk about this, so let's take the short and easy road: what are the requirements for a good password?
A good password should be:
So, point 1 is the usual one: an easy-to-guess password is a bad habit, and this applies to simple passwords in general once you count in brute-force and dictionary attacks against the password hash as well. Hashing is another subject, one that deserves a whole article on safe storage, but the chance that someone gets hold of our hashed password should at least lead us to make it harder to crack. …
Or how I discovered a vulnerability in the integration between ServiceDesk Plus Enterprise and Desktop Central by means of a mixed approach.
The vulnerability itself is an unauthenticated information disclosure: the leak of the API key that SDP and DC use to establish their link, followed by the takeover of DC and the hijacking of the integration between the two (Man In the Server).
A few months ago, I approached the ManageEngine suite’s bug bounty program, mainly because of two reasons:
The reason behind point 2 is that, while other Zoho products may be considered relatively safe, not paying bounties will attract fewer researchers. …
What to do if we happen to be tasked with an SAP penetration test?
One of the many things I had never tried before (out of fear) was messing with SAP.
Why? Because SAP is a mystery, SAP requires vertical expertise, SAP is haaaard.
False. False. False. Or rather: SAP is cryptic, hard, strange and incomprehensible unless it is your job and almost the only thing you focus on, and because of this tough nature many believe that some big expert is needed to understand anything about it at all. …
A few years ago I came across a very academic challenge: a ZIP file containing a peculiar HTML page, and the aim was to obtain the usual FLAG.
The web page didn't have any “juicy clue”, script, image or anything else. The only strange things were its size (a few MB) and the fact that the whole source was on one line.
What made me suspicious was the content: an extract from a Wikipedia page that kept repeating itself many times. So I tried looking for differences between one repetition and another, but I couldn't find anything at all from the browser, and therefore I checked the source directly. …
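Looking for differences between repetitions by eye is hopeless when the page is a few megabytes on a single line, and line-oriented tools such as `diff` have nothing to split on. The script below is an added example, not the challenge author's solution and not the challenge's actual file: it rebuilds the “expected” repetition by majority vote and then reports every copy that deviates from it, which is the check the situation above calls for. The page it runs on is constructed here; one `<p>` per repetition and a secret hidden one character at a time are assumptions of the example, not facts about the original challenge.

```python
"""Spotting the odd repetition in a page made of repeated text.

Added example for the challenge described above; it is not the author's
solution and the page it works on is constructed here: one paragraph
repeated on a single line, where a few copies differ from the rest by a
single character. Those differences are where hidden data would live.
"""
import difflib
import re
from collections import Counter


def extract_blocks(html: str) -> list[str]:
    """Return the text of every <p>...</p> block, in document order.

    A single-line source has no newlines to split on, so the repeated unit
    is recovered from its markup instead. One <p> per repetition is an
    assumption of this example; any regular delimiter works the same way.
    """
    return re.findall(r"<p>(.*?)</p>", html, flags=re.DOTALL)


def consensus(blocks: list[str]) -> str:
    """Rebuild the 'expected' repetition by majority vote, column by column.

    Only copies of the most common length take part, so a copy that had a
    character inserted or removed cannot shift the vote.
    """
    common_len = Counter(len(b) for b in blocks).most_common(1)[0][0]
    voters = [b for b in blocks if len(b) == common_len]
    return "".join(Counter(col).most_common(1)[0][0] for col in zip(*voters))


def find_deviations(blocks: list[str], reference: str) -> list[tuple[int, int, str, str]]:
    """List every place a copy differs from the reference.

    Each entry is (block_index, position_in_reference, expected, actual).
    Copies of the same length are compared position by position; copies of
    another length are diffed with difflib, so an insertion or deletion is
    reported once instead of cascading into hundreds of false mismatches.
    """
    found = []
    for i, block in enumerate(blocks):
        if len(block) == len(reference):
            found.extend(
                (i, pos, exp, got)
                for pos, (exp, got) in enumerate(zip(reference, block))
                if exp != got
            )
            continue
        matcher = difflib.SequenceMatcher(None, reference, block, autojunk=False)
        for tag, r0, r1, b0, b1 in matcher.get_opcodes():
            if tag != "equal":
                found.append((i, r0, reference[r0:r1], block[b0:b1]))
    return found


def hidden_text(blocks: list[str]) -> str:
    """Concatenate the deviating characters in document order."""
    reference = consensus(blocks)
    return "".join(got for _, _, _, got in find_deviations(blocks, reference))


# --- constructed sample page (not the challenge's real content) -------------
BASE = ("Steganography is the practice of concealing a message within another "
        "message or a physical object so that its presence is not evident.")
SECRET = "FLAG{look_closer}"


def build_sample_page(base: str = BASE, secret: str = SECRET, copies: int = 60) -> str:
    """Repeat `base` on one line and hide `secret` one character at a time.

    Every third copy (starting from the second) gets one character
    overwritten at a different offset; the last copy gets a character
    inserted instead, to exercise the different-length path above.
    """
    if copies <= 3 * len(secret):
        raise ValueError("not enough copies to carry the secret")
    blocks = [base] * copies
    for n, ch in enumerate(secret):
        idx = 3 * n + 1             # copy carrying this character
        pos = 7 * n % len(base)     # offset overwritten in that copy
        blocks[idx] = base[:pos] + ch + base[pos + 1:]
    blocks[-1] = base[:20] + "!" + base[20:]
    return "<html><body>" + "".join(f"<p>{b}</p>" for b in blocks) + "</body></html>"


if __name__ == "__main__":
    copies = extract_blocks(build_sample_page())
    ref = consensus(copies)
    for block_no, pos, expected, actual in find_deviations(copies, ref):
        print(f"copy {block_no:>2} @ {pos:>3}: {expected!r} -> {actual!r}")
    print("recovered:", hidden_text(copies))
```

Two details matter in practice: the consensus only counts copies of the most common length, so a copy with an inserted or dropped character cannot shift the vote, and such copies are diffed with `difflib` rather than compared position by position, otherwise a single insertion would show up as hundreds of mismatches. What the detector reports is only the set of anomalies; reading them (substituted letters, extra whitespace, case changes) is still the analyst's job.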
Speaking of “learning by taking things apart”, I got tired of hearing about Kubernetes (K8s) and decided to take a look at it in my own way: through CTFs and ethical learning / hacking.
I am going to tell you about my personal experience, partly from CTFs (Capture The Flag), and my thoughts on K8s and containers in general.
Why, you say? Because containers are so coool!
What is K8s? Wikipedia explains it like this:
Kubernetes (commonly stylized as k8s) is an open-source container-orchestration system for automating application deployment, scaling, and management. It was originally designed by Google and is now maintained by the Cloud Native Computing Foundation. It aims to provide a “platform for automating deployment, scaling, and operations of application containers across clusters of hosts”. It works with a range of container tools, including Docker. Many cloud services offer a Kubernetes-based platform or infrastructure as a service (PaaS or IaaS) on which Kubernetes can be deployed as a platform-providing service. …
Well everyone, for the sake of translation, reach and editability, I chose this as the first of a series of articles to be moved over from LinkedIn.
This is really just a “train of thought” and will serve more as an introduction to what I like to talk about.
I am an Ethical Hacker and a System Engineer; the job doesn't always provide a way to actually be the former, so I try to be a researcher / bounty hunter / CTF player whenever I can. But maybe, more than anything else, I am just a big classic nerd.
Side note: I am not used to writing in English anymore, so any Grammar Nazi out there is really, really appreciated! …