Articles

Finding Command Injection

Command Injection vulnerabilities are a class of application security issue where an attacker can cause the application to execute an underlying operating system command. Command Injection vulnerabilities occur where user supplied input is insecurely included within an operating system command, allowing a threat actor to execute additional commands or alter the syntax ...

SQL Injection: Filter Evasion with Sqlmap

We’ve previously written about many different techniques for Finding and Exploiting SQL Injection vulnerabilities. However, there are often restrictions and interim technologies such as Web Application Firewalls that can prevent certain payloads from being used. In some instances filters can be bypassed through common encoding mechanisms; however, often these will be ...

Exploiting Path Traversal

Path Traversal, also known as Directory Traversal, is a vulnerability where a user can alter a path used by an application. For file retrieval functionality this can allow a threat actor to access files that are not intentionally disclosed. For file upload functionality this can allow for website defacement, code execution and ...

Strong Passwords: The Problem with Complexity

Weak passwords are those which are predictable and can be easily guessed. To ensure that users do not select weak passwords, organisations may look to enforce password complexity. Complexity refers to the requirement to use a mixed character set. For example, on Active Directory accounts complexity requires three of the ...

Implementing Certification Authority Authorization (CAA)

Certification Authority Authorization (CAA) is used to specify which Certificate Authorities may issue certificates for the domain. Whilst the lack of CAA does not constitute a vulnerability in itself, it may be used to harden the transport layer security of an application by reducing the risk of certificates being mis-issued. Additionally, ...

Controlled Chaos

Major outages in major public cloud providers such as Azure and AWS are rare, but they do happen. Today OVH had a major incident: “OVH datacenter burns down knocking major sites offline” and they’re not the only ones to experience these issues, for example Amazon had a major outage in November and Microsoft had ...

SQL Injection Exploitation: Out-of-Band

Out-of-band exploitation refers to exploits where the extracted information is received over a connection other than the one the payload was delivered over. It can be used to bypass defensive technologies as well as to complicate detection and response capability. SQL Injection can be exploited out-of-band through protocols such as ...

Preventing Windows Accounts Being Bruteforced

In a previous article we discussed how bruteforcing Windows accounts is often easier than people expect. In this post we’ll cover some steps to harden these accounts. The Observation Window: when configuring an account lockout threshold on a Domain, another setting is suggested, the observation window. This setting effectively reduces the ...

Strong Passwords: Three Random Words

When performing security tests, we very often come across weak passwords. We often see dictionary words with suffixes such as Welcome1, Password123, or Lockdown2020. We also see “leet” substitutions, such as P@55w0rd, 3l3ph@nt, or L0ckd0wn. We’ve previously shown how quickly password cracking can be performed. With passwords like the above they ...
