A security researcher (Joel Noguera @niemand_sec) discovered a ‘critical’ misconfiguration bug in Spring Data’s Application Level Profile Semantics (ALPS). This bug allows unauthenticated users to perform an Application Programming Interface (API) request, which responds with sensitive user data that can be utilized, manipulated, or even deleted.
I’m sure everyone is already using Masscan and I’m the last one to jump on the bandwagon. Honestly, I don’t know how I got anything done before finding this tool. If you’re not aware, Masscan is an asynchronous, TCP network port scanner. It’s an incredibly fast tool that can be used to quickly identify live services to target te
Red team testing is a key way to help prevent data breaches today. Most cyber defense focuses on spotting openings and fixing general risks in your environment. Red teaming not only reduces risks, but also prevents possible breaches. Methods, such as threat modeling, static analysis and dynamic testing, reduce the attack surface but do not eliminate risk. W
To become a CREST certified penetration tester, SecureLayer7 has passed the demanding assessment needed to become a member of CREST, the not-for-profit accreditation and certification body that represents the technical information security industry. SecureLayer7 is one of the few established cybersecurity organizations to get CREST Certified Pe
In this post, I will cover some easy things that defenders can do to make it harder for attackers to succeed. As you all know, there is never a silver bullet when it comes to security, so these tips will only make it harder for attackers by focusing on the basics, and sometimes, that helps a lot. This post assumes you have basic knowledge such as how to crea
by Paul Ducklin
Hi, everyone – for S3 Ep8, we’ve gone live a day early to take into account the US Thanksgiving holiday on Thursday. (Followed, of course, by Black Friday, so if you’re splashing out online, please take care out there!) This week, we talk to hacker and vulnerability disclosure pioneer, Katie Moussouris. Katie Moussouris, CEO of
This is a continuation of The Tale of the Lost, but not Forgotten, Undocumented NetSync (part 1) and in this section, we will look to answer:
What are Some Early Indicators to Detect NetSync at the Host-based Level?
What are Some Possible Controls to Deter NetSync?
In an accompanying blog post, Wes Lambert (@therealwlambert) steps through a packet captu
They say, “Everything old is new again.”
Or, if you are a Game of Thrones fan, “What is dead may never die.”
For me, however, a mentor once told me, “Everyone is going forward. I’m going backward.”
Enter NetSync…
I find Twitter to be a good source for InfoSec tactics, techniques, and procedures (TTPs). An
Introduction
While penetration testing and Red Teaming are crucial to check a system’s security and to validate potential entry-points in the infrastructure, sometimes establishing an initial foothold on the target can be a big challenge due to host IDS agents, host firewalls, antivirus or even due to bypass security appliances that are inspecting inter
A Brief Look at Approaches to Logging and Pitfalls to Avoid
TL;DR
The Logger++ extension is a great tool for recording requests and responses across all of Burp Suite. However, it is important to ensure enough log entries are retained from the tools you expect and that logs are exported if you want to keep them (my preference is automatic export to CSV
Introduction
The SQLMap tool can be found in every penetration tester’s toolbox. It is one of the most popular and powerful tools when it comes to exploiting SQL injection vulnerability, which itself tops the OWASP list of Top 10 Vulnerabilities. From confirming the SQL injection vulnerability to extracting the database name, tables, columns and g
Not long ago, I was on an engagement where the client made use of a hybrid Office 365 environment. In their setup, authentication credentials were managed by the on-premises Active Directory (AD) Domain Controller and then synced to Azure AD via Azure AD Connect.
We were tasked with gaining access to sensitive customer information. And while we were able
Or, “I’m Sorry, You Said You’re from Where Again?”
In a prior webinar on creating weaponized Cross-Site Scripting (XSS) payloads, I mentioned that XSS payloads (written in JavaScript) could not change the HTTP Referer header. Malicious requests made through an XSS payload will often have an unexpected Referer header that does not generally make sense in t
Ransomware is malware that is capable of encrypting the user’s files. This eventually leads to a demand for ransom in exchange for restoring the user’s data after payment.
There are some vectors that allow ransomware to gain entry or access to a computer or server. One of the most common systems for delivering ransomware by using
Recently, I was on an engagement where I discovered I had plaintext credentials to an account that could modify Active Directory Group Policy Objects (GPOs). This proved to be a fun challenge, as Group Policy files and properties can be bent to our will even when hacking through a straw (SOCKS only, in this case).
Goal: Use Group Policy to pull down a fil