Subdomain Hijacking – Notes, links & tools

I had previously read about subdomain hijacking, but in all honesty I didn’t really “get it”. All that changed starting with the Security Fest talk by Frans Rosén entitled “DNS hijacking using cloud providers”, or, more accurately, I really started to get it going through Frans’s slides of the talk. I don’t want to explain the premise of this to you, as it’s one of those things you have to investigate yourself to really get to grips with it. But what I will do to (hopefully) bring your learning time down is detail below all of the links Frans mentions plus those from my …

Climbing Mount WebAppSec – Chrome Extensions

As we move “client-side”, browsers are ever more important as they effectively become our operating system – the Chromebook, for example. Many of the tasks we undertake were traditionally hosted inside the operating system but are now accessed via the browser – email and document processing being the prime examples. As a consequence, browser security has become critical. In order to extend our browser functionality we are dependent on third-party extensions. It is vital we check the privileges granted to these extensions, as they often demand unnecessarily invasive access. To give an example, I recently needed a simple PDF viewer Chrome extension and noted the …

OWASP Juice Shop Vulnerable Webapp

A couple of weeks ago Björn Kimminich released the Juice Shop Vulnerable Web Application at the OWASP AppSec Europe conference in Belfast. Why another vulnerable webapp for target practice? This from GitHub:

Main Selling Points:
▪ Easy-to-install: Choose between node.js, Docker and Vagrant to run on Windows/Mac/Linux
▪ Self-contained: Additional dependencies are pre-packaged or will be resolved and downloaded automatically
▪ Self-healing: The simple SQLite database is wiped and regenerated from scratch on every server startup
▪ Gamification: The application notifies you on solved challenges and keeps track of successfully exploited vulnerabilities on a Score Board
▪ CTF-support: Challenge notifications optionally show a flag code for your …

Climbing Mount WebAppSec – ZAP Directory Traversal

Whilst reading the OWASP Testing Guide v4 I came across the section on testing for directory traversal and noted the “tools” at the bottom. Wfuzz and DirBuster (the latter now incorporated into ZAP) I know about and will be dealing with in an upcoming post, “Discovering directories/files”. This left DotDotPwn and ZAP (Zed Attack Proxy) itself. Interestingly, DotDotPwn is incorporated into TrustedSec’s Penetration Testers Toolkit (blogged about here) under “vulnerability-analysis”. So, quick and easy for me to fire up the tool and unleash it – however – I immediately hit a brick wall with URLs not responding. It transpires this tool cannot easily handle HTTPS without a fair …

RUAG Breach – A lesson in cyber espionage tradecraft tools & techniques

Following a successful data breach of Swiss defence contractor RUAG – specialising in aerospace technology – the Swiss Governmental Computer Emergency Response Team (GovCERT) took the unusual step of publishing a comprehensive data breach report. The reason given for publishing the report: “…to give organizations the chance to check their networks for similar infections, and to show the modus operandi of the attacker group.” You can download the summary technical report here (PDF, 2 pages) and the full espionage report here (PDF, 34 pages). If the full report is a little TL;DR for your time or taste – or even …

UK Cyber Security Breaches Survey 2016 – Some Quick Stats

The UK government has just published the Cyber Security Breaches Survey 2016 (PDF here). It was commissioned by the Department for Culture, Media and Sport as part of the National Cyber Security Programme, carried out by Ipsos MORI in partnership with the Institute for Criminal Justice Studies at the University of Portsmouth, and comprised:
▪ a representative telephone survey of 1,008 UK businesses from 30 November 2015 to 5 February 2016
▪ a total of 30 in-depth interviews undertaken in January and February 2016 to follow up businesses that

Here are some pertinent stats lifted from the report: (69%) say cyber security is either …

Information Security Basics ARE Sexy

It all begins with a headline such as: “Hackers hack [insert new thing hacked]”. Obviously, you replace “insert new thing hacked” with whatever has just been demonstrated at the latest hacking convention, be that an ATM, fridge, sniper rifle, car, baby monitor, etc. Following this news, two camps will emerge. The first is the FUD (fear, uncertainty and doubt) group, characterised by doomsaying. The second is the junk-hacking group, which is characterised by being unimpressed with what they call ‘junk hacking’ (junk I found around my house and scared you by hacking it). Both groups probably have their merits. One thing …