HackDig : Dig high-quality web security articles for hackers

Intro to Web App Security Testing: Logging

A Brief Look at Approaches to Logging and Pitfalls to Avoid TL;DR The Logger++ extension is a great tool for recording requests and responses across all of Burp Suite. However, it is important to ensure enough log entries are retained from the tools you expect and that logs are exported if you want to keep them (my preference is automatic export to CSV
Publish At:2020-10-01 11:05 | Read:204 | Comments:0 | Tags:Application Security Assessment Penetration Testing Security

Azure Account Hijacking using mimikatz’s lsadump::setntlm

Not long ago, I was on an engagement where the client made use of a hybrid Office 365 environment. In their setup, authentication credentials were managed by the on-premises Active Directory (AD) Domain Controller and then synced to Azure AD via Azure AD Connect. We were tasked with gaining access to sensitive customer information. And while we were able
Publish At:2020-09-30 11:38 | Read:80 | Comments:0 | Tags:Application Security Assessment Penetration Testing Security

Setting the ‘Referer’ Header Using JavaScript

Or, “I’m Sorry, You Said You’re from Where Again?” In a prior webinar on creating weaponized Cross-Site Scripting (XSS) payloads, I mentioned that XSS payloads (written in JavaScript) could not change the HTTP Referer header. Malicious requests made through an XSS payload will often have an unexpected Referer header that does not generally make sense in t
Publish At:2020-09-30 11:38 | Read:65 | Comments:0 | Tags:Application Security Assessment Mobile Security Assessment P

Fuzzing the Front End!

So, who is testing the client-side components of Single Page Applications (SPAs)? What are you doing exactly, dropping a few cross-site scripting (XSS) polyglots into boxes like you used to do with “<ScRiPt>alert(123)</sCrIpT>” for traditional apps back in 2001?  Are you mostly holding out hope that all big problems will be in the back-en
Publish At:2020-09-08 15:39 | Read:212 | Comments:0 | Tags:Application Security Assessment Mobile Security Assessment

So, You Got Access to a *nix system… Now What?

Note to Reader: For simplicity, I will be referring to all Unix, Linux, and other Unix-like systems simply as *nix, unless a specific distinction needs to be made. As a pentester, you will likely come across a *nix system at some point. If you are like many of the people I have worked with and encountered in the security industry, you are much more famili
Publish At:2020-09-01 15:37 | Read:156 | Comments:0 | Tags:Application Security Assessment Penetration Testing Security

A Discussion on Serverless Application Vulnerabilities

The main advantage of utilizing serverless architecture, such as Amazon Web Services (AWS), is that it is a great way to build applications without having to manage the infrastructure. The provider will provision, scale, and maintain the servers to run applications, databases, and storage systems. Naturally, this offloads the risk of server-side insecurities
Publish At:2020-08-06 07:49 | Read:392 | Comments:0 | Tags:Application Security Assessment Mobile Security Assessment

The Updated Security Pro’s Guide to MDM, MAM, and BYOD

Bring your own device (BYOD) is an accepted convention, most commonly for mobile devices, in corporate environments. Even company-owned devices are treated by employees as personal devices and are often incorporated into the environment in the same way that employee-owned devices are. Our job in information security is to ensure that the business initiatives
Publish At:2020-07-30 17:32 | Read:343 | Comments:0 | Tags:Application Security Assessment

Thycotic Secret Server: Offline Decryption Methodology

On offensive engagements, we frequently encounter centralized internal password managers that are used by various departments to store incredibly sensitive account information, such as Domain Admin accounts, API keys, credit card data, the works. It used to be that these systems were implemented without multi-factor authentication. “Hacking” them was as simp
Publish At:2020-07-28 15:20 | Read:267 | Comments:0 | Tags:Application Security Assessment Penetration Testing Red Team

8 Keys to Writing Safer Code

All too often, security in code is an afterthought. There’s a reason that bug bounties are so prevalent; as codebases get larger, testing gets harder. Add in the time constraints of a “move fast and break things” mentality and it’s no wonder so many security issues arise. The basics might be there, encrypted connections, hashed passwo
Publish At:2020-07-09 11:54 | Read:423 | Comments:0 | Tags:Application Security Assessment Penetration Testing Security

MSBuild: A Profitable Sidekick!

This blog post highlights some good techniques to use when restricted to testing an up-to-date Windows system with low-level user privileges (no local admin) through a Remote Desktop Protocol (RDP) connection. The Situation: At the start of this engagement, I faced the common task of needing to escalate privileges after acquiring low-level access to a
Publish At:2020-06-25 12:01 | Read:317 | Comments:0 | Tags:Application Security Assessment Security Testing & Analysis

Abusing Windows Telemetry for Persistence

Today we’re going to talk about a persistence method that takes advantage of some of the wonderful telemetry that Microsoft has included in Windows versions for the last decade. The process outlined here affects Windows machines from 2008R2/Windows 7 through 2019/Windows 10.As of this posting, this persistence technique requires local admin rights to i
Publish At:2020-06-09 06:06 | Read:557 | Comments:0 | Tags:Application Security Assessment Penetration Testing Research

Theft From Online Shopping Carts – Past and Present

Past Circa 2007, during a penetration test, I encountered an online shopping cart that exposed a variable containing a product’s price and it allowed for manipulation to lower the cart’s total. In early 2008, research was conducted to answer the question – just how many carts are vulnerable to such a trivial hack? At the time, PayPal had
Publish At:2020-06-04 10:55 | Read:320 | Comments:0 | Tags:Application Security Assessment

Introducing Proxy Helper – A New WiFi Pineapple Module

I have had several occasions when I’ve been performing a pentest against an Android or iOS application, attempting to monitor the traffic with Burp Suite, only to realize that the application is not respecting my proxy settings. Now, if you have a rooted or jailbroken device, there are some ways you can force the application to go through a proxy, but
Publish At:2020-05-26 13:56 | Read:422 | Comments:0 | Tags:Application Security Assessment Hardware Security Assessment

Breaking Typical Windows Hardening Implementations

In this post, I will go over some hardening configurations that are typically set in Group Policy settings and ways to bypass them. It is important to remember that hardening configurations can be a whole series of different settings. For this post, I am showing only a few specific settings, meaning that if these were in a real hardened environment, some of
Publish At:2020-05-18 12:54 | Read:471 | Comments:0 | Tags:Application Security Assessment Penetration Testing Security

Practical OAuth Abuse for Offensive Operations – Part 1

Background OAuth is an open authorization standard that facilitates unrelated servers and services working together, allowing access to their assets without sharing the initial, related, single logon credential. I have been thinking of it as a kind of Kerberos for external services, without a shared domain or forest. A familiar instance would be authen
Publish At:2020-05-18 12:54 | Read:497 | Comments:0 | Tags:Application Security Assessment Penetration Testing Purple T

Tools

Tag Cloud