I recently published a simple POC of CVE-2020-11978 which, when combined with CVE-2020–13927, is an unauthenticated RCE for Apache Airflow 1.10.10. (Exploit DB link)

The exploit is actually simple, but when I first encountered CVE-2020–11978, I did some quick Google searches and didn’t find any available exploits.

I’ve always been a user of publicly available exploits when doing CTFs and boxes on Hack The Box. So this time I decided to look into it and write my own. This blog post describes that process.

Finding the CVE

I encountered this when playing around with snyk and dependabot for some of my personal projects.


This year I was able to join the DEFCON 28 Blue Team Village’s OpenSOC CTF since the event was held online. I joined with my team, the hackstreetboys. There were 800+ participants, 500+ challenges, and 350+ teams in the competition, which ran over 20 hours.

We did alright; 8th out of 20 in the CTF finals, and 5th out of 354 teams in the qualifiers. It could be better, and we’re going to try harder.

This was our first time playing and our exposure to blue team CTFs is limited. We didn’t really know what to…


Explaining HDBSCAN in ~5 minutes

“Hierarchical Density-Based Spatial Clustering of Applications with Noise” (what a mouthful…), HDBSCAN, is one of my go-to clustering algorithms. It’s a method that I feel everyone should include in their data science toolbox.

I’ve written about this in my previous blog post, where I try to explain HDBSCAN in as much depth as I could. This time I am taking the opposite approach: I will try to explain the main ideas of HDBSCAN and density-based clustering as succinctly as I can.

I think (and I hope) that this primer on HDBSCAN will be friendlier for beginners and newcomers in data science.


A scenario when U2F/WebAuthn does not protect you against phishing attacks (until hostname whitelisting is enabled)

TLDR: U2F prevents a MITM attack between the victim and the Duo server, but not between the victim and the application. Because Duo is a 3rd-party service, we don’t have the same security properties that are associated with U2F between the victim and the server. This boils down to bypassing the Duo integration. If you can bypass the Duo prompt, then the phishing attempt will be successful, even if U2F is used. To prevent phishing, it is paramount that you enable hostname whitelisting [1]. Without hostname whitelisting, Duo is similar to an OTP generator during a phishing attack.


This is a medium-sized extract from a longer blog post of mine concentrating on the crypto used by LastPass. Notes here are from [1], [2], [3], [4], and from my own experience setting up the phishing in the original blog post.


This is a medium-sized extract from a longer blog post of mine. I go a little more in-depth on the difference between U2F and OTP and on how LastPass decrypts your vault; you can see the full blog post.

(Un)fortunately, this is NOT a MITM attack on U2F. LastPass doesn’t support U2F so this is disappointingly simple. It uses Yubico OTP, which we know to be phishable.

In this article, I mainly show how a phishing attack can be deployed against LastPass users, even when they are protected with Yubikey physical keys. …


This is the second part of a series of blog posts. You can read the first one on Data Exfiltration.

This blog post is structured as follows:

  1. Introduction to Lateral Movement (4 mins): a toy example to illustrate what lateral movement is
  2. Network Anomaly Detection (7 mins): Statistical and machine learning techniques to detect lateral movement
  3. CTF Challenges (3 mins): Solutions to 3 CTF challenges on finding lateral movement
  4. Breach Reports (4 mins): Real-life examples and what we can learn from them
  5. Visibility and Sensor Vantage (3 mins): Checking the quality of your data and the extent of your visibility
  6. Dark…


A comprehensive top-down introduction to the inner workings of the HDBSCAN clustering algorithm and key concepts of density-based clustering

HDBSCAN is a clustering algorithm developed by Campello, Moulavi, and Sander [8]. It stands for “Hierarchical Density-Based Spatial Clustering of Applications with Noise.”

In this blog post, I will try to present in a top-down approach the key concepts to help understand how and why HDBSCAN works. This is meant to complement existing documentation such as sklearn’s “How HDBSCAN works” [1], and other works and presentations by McInnes and Healy [2], [3].

No (few) assumptions except for some noise


Big data is hard, and the challenges of big data manifest in both inference and computation. As we move towards more fine-grain and personalized inferences, we are faced with the general challenge of producing timely, trustable, and transparent inference and decision-making at the individual level [1]. For now, we will concern ourselves with the challenge of “timeliness”, and try to gain intuitions on how certain algorithms scale and whether or not they can be feasibly used to tackle massive data sets.

In inference, there is never “enough” data. As you get more and more data, you can start subdividing the…


Using network flow data to create basic alerts to detect data theft

This is both a walkthrough of the solution to the Wildcard 400 challenge in the recent 2019 Trend Micro CTF, and some notes on network security monitoring. I’d recommend you try out the challenges first here. All implementations of the solutions can be found in this kernel.

Premise

You are a network security administrator for the medium-sized business XYZcorp. You often use network flow data to uncover anomalous security events. This challenge provides some sample aggregated data on flows, and uses answers from the anomalous events to construct the flag.

Data here is synthetic and does not model typical network protocols and…

Pepe Berba

Stats, security, and cryptography | Cloud Security and Machine Learning at Thinking Machines | GMON, CCSK | Masters student in data science