HackDig : Dig high-quality web security articles

Top 5 Things That Will Land an Attacker in the Azure Cloud

1. Misconfigured Cloud Infrastructure What type of misconfigurations can exist in a cloud infrastructure? Vulnerable front-facing webservers, unpatched appliances, and storage accounts allowing anonymous public access are just a few examples of common infrastructure misconfigurations in cloud environments. How can these services translate in
Publish At:2023-02-21 13:32 | Read:103659 | Comments:0 | Tags:Application Security Assessment Cloud Assessment Cloud Penet

Operator’s Guide to the Meterpreter BOFLoader

1.1 Introduction Recently, myself and a few friends decided to port my coworker Kevin Haubris' COFFLoader project to Metasploit. This new BOFLoader extension allows Beacon Object Files (BOFs) to be used from a Meterpreter session. This addition unlocks many new possibilities for Meterpreter and, in my opinion, elevates
Publish At:2023-01-24 13:31 | Read:125498 | Comments:0 | Tags:Application Security Assessment Incident Response Incident R

2023 Resolutions for Script Kiddies

Introduction 2022 was a tough year. It seemed like no one was safe. Nvidia, Samsung, Ubisoft, T-Mobile, Microsoft, Okta, Uber—and those were just some of Lapsus$’s breaches. What’s a Script Kiddie to do to be better protected in 2023? Another year in the books, and it was another big year for cybersecurity. While 2022 did not have the big, large-scale
Publish At:2023-01-17 13:31 | Read:260692 | Comments:0 | Tags:Active Directory Security Review Application Security Assess

Looting iOS App’s Cache.db

Insecure By Default Mobile application assessments diverge somewhat from normal web application assessments as there is an installed client application on a local device to go along with the backend server. Mobile applications can often work offline, and thus have a local store of data. This is commonly in the form of SQLite databases stored in the applic
Publish At:2022-12-01 13:29 | Read:270228 | Comments:0 | Tags:Application Security Assessment Mobile Security Assessment P

Auditing Exchange Online From an Incident Responder’s View

Business Email Compromise (BEC) within the Microsoft 365 environment is becoming a more common attack vector. In case you’re unfamiliar with what exactly BEC entails, it’s when an attacker or unauthorized user gains access to a business email account via social engineering. Most commonly, an attacker compromises an account, intercepts email conversation(s),
Publish At:2022-11-08 13:28 | Read:210784 | Comments:0 | Tags:Application Security Assessment Cloud Assessment Incident Re

The Curious Case of the Password Database

Nowadays, password managers are king. We use password managers to secure our most sensitive credentials to a myriad of services and sites; a compromise of the password manager could prove devastating. Due to recently disclosed critical Common Vulnerabilities and Exposures (CVEs) involving ManageEngine’s Password Manager Pro software, a client came t
Publish At:2022-10-20 10:04 | Read:252484 | Comments:0 | Tags:Active Directory Security Review Application Security Assess

Working with data in JSON format

What is JSON? What is JSON? JSON is an acronym for JavaScript Object Notation. For years it has been in use as a common serialization format for APIs across the web. It also has gained favor as a format for logging (particularly for use in structured logging). Now, it has become even more common for command line applications to use JSON to serialize gener
Publish At:2022-09-27 10:03 | Read:378631 | Comments:0 | Tags:Application Security Assessment Endpoint Hygiene Automation

Watch Out for UUIDs in Request Parameters

The Plugin: https://github.com/GeoffWalton/UUID-Watcher Some time ago on the TrustedSec Security Podcast, I shared a Burp Suite plugin I developed to hunt Insecure Direct Object Reference (IDOR) issues where applications might be using UUIDs or GUIDs (unique identifiers) as keys, assuming discovery attacks will not be possible. The plugin produces a repor
Publish At:2022-09-22 10:03 | Read:283982 | Comments:0 | Tags:Application Security Assessment Penetration Testing Security

Scraping Login Credentials With XSS

Unauthenticated JavaScript Fun In prior blog posts I’ve shown the types of weaponized XSS attacks one can perform against authenticated users, using their session to access and exfiltrate data, or perform actions in the application as that user. But what if you only have unauthenticated XSS? Perhaps your client hasn’t provided you with credent
Publish At:2022-07-07 11:04 | Read:681250 | Comments:0 | Tags:Application Security Assessment Penetration Testing Red Team

Avoiding Mixed Content Errors with an HTTPS Python Server

Disclaimer: To set up a secure Python server, we need a domain name that we can access. 1. Introduction At some point during penetration testing, bug hunting, and capture the flag competitions, we will likely need to download a file or send a request to a server that we can access. Depending on what we want to accomplish, hosting content from a server
Publish At:2022-02-17 11:58 | Read:274175 | Comments:0 | Tags:Application Security Assessment Penetration Testing Security

Hacking the My Arcade Contra Pocket Player – Part I

Intro I was at my local Target recently and spotted the section near the video games, where there were some little collectable arcade systems and handhelds that play games like Pac-Man, Galaga, and Contra. Figure 1 – Target Arcade Games and Handhelds Whenever I see these types of systems, I like to pick one up to tear it apart and see what’s i
Publish At:2021-12-09 15:53 | Read:536723 | Comments:0 | Tags:Application Security Assessment Hardware Security Assessment

Persistence Through Service Workers-Part 3: Easy JavaScript Payload Deployment

In “Persistence Through Service Workers—PART 2: C2 Setup and Use,” we demonstrated setting up the Shadow Workers C2 server and how to add both the service worker JavaScript and what Shadow Workers calls the “XSS Payload” JavaScript to the target application. In the example, we didn’t load the “XSS Payload” through a cross-site scripting vulnerabi
Publish At:2021-11-23 11:56 | Read:538994 | Comments:0 | Tags:Application Security Assessment Penetration Testing Red Team

Persistence Through Service Workers—Part 2: C2 Setup and Use

In Part 1 of this 2-part blog, we provided an overview of service workers and created an appropriate target application to exploit using Shadow Workers. In this blog post we’ll build our C2 server in Digital Ocean and use Shadow Workers to exploit the target application. It is highly recommended to read Part 1 prior to reading this post. For our Shadow Worker
Publish At:2021-10-07 13:22 | Read:283495 | Comments:0 | Tags:Application Security Assessment Penetration Testing Red Team

Persistence Through Service Workers—Part 1: Introduction and Target Application Setup

During a recent discussion about achieving persistence on a web server, someone suggested that I explore using browser service workers. As I began reading about what service workers do, the possibilities for Red Team applications seemed intriguing. But first, I had to find out…what exactly is a service worker? In their efforts to make web applications mor
Publish At:2021-10-05 09:26 | Read:380607 | Comments:0 | Tags:Application Security Assessment Penetration Testing Red Team

Update: The Defensive Security Strategy

Original post:  https://www.trustedsec.com/blog/the-defensive-security-strategy-what-strategy/ Massive exposures and attacks, such as recent SolarWinds and Exchange exploit issues, have been common news lately. While the security landscape has advanced and changed, these massive exposures are continuing to occur. The question is why, and how, are the
Publish At:2021-09-09 14:27 | Read:372778 | Comments:0 | Tags:Application Security Assessment Leadership Mobile Security A
