Attacks… Exploiting F5 Big IP Vulnerability | CVE-2020-5902 8 Jul 20209 Jul 2020 CVE-2020-5902 is a critical remote code execution vulnerability in the configuration interface (aka Traffic Management User Interface – TMUI) of BIG-IP devices used by some of the world’s biggest companies.…
#Metasploit… Windows Takeover with a PDF File 18 Jun 202018 Jun 2020 There are multiple ways to exploit and take over a Windows machine, today we will look at doing this with a PDF file containing a virus. For this you will…
Attacks… Discover & Attack Raspberry Pi’s on a Network 16 Jun 202020 Jun 2020 Many people never bother to change their default password on their devices. For a Raspberry Pi, this can leave it extremely vulnerable. Today, we will be looking at a little…
#Metasploit… Heartbleed Discovery and Exploit 1 Feb 202018 Jun 2020 Heartbleed is a security bug in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security protocol. It was introduced into the software in 2012…
#career… Linux Security Fundamentals (LFS216) 9 Jan 2020 Course Overview This course is a comprehensive look at the security challenges that can affect almost every system, especially with the seamless connectivity we seek from the Internet. Many of…
AppSec… Gaining Root From a Buffer Overflow Vulnerability 9 Dec 201918 Jun 2020 Buffer overflow flaws can be present in both the web server and application server products that serve the static and dynamic portions of a site, or in the web application…
#Metasploit… Write an IMAP Fuzzing Tool 3 Dec 20193 Dec 2019 Picture this scenario. During a host reconnaissance session we discovered an IMAP Mail server which is known to be vulnerable to a buffer overflow attack (Surgemail 3.8k4-4). We found an…
AppSec… First Stack Buffer Overflow to modify Variable 30 Nov 201930 Nov 2019 Stack0: https://exploit.education/protostar/s... Intel Reference: intel.de/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf
AppSec… XML External Entity (XXE) Vulnerability 14 Oct 20199 Mar 2020 According to OWASP, an XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to…
#Metasploit… Exploiting Routers With Routersploit 26 Sep 201912 Jun 2020 If you have Wi-Fi at home, then you have a router, this is how you get your internet access. Today we will be looking a piece of software that allows…
AppSec… Enabling Monitor Mode & Packet Injection on the Raspberry Pi 20 May 201920 May 2019 By Kodyhttps://null-byte.wonderhowto.com/how-to/enable-monitor-mode-packet-injection-raspberry-pi-0189378/The Raspberry Pi Zero W and Pi 3 Model B+ include integrated Wi-Fi, Bluetooth Low Energy, and more than enough power to run Kali Linux. They sound like perfect…
#career… OWASP A2: Broken Authentication and Session Management Cause and Prevention 12 May 201912 May 2019 Threat Agents Attack Vectors Security Weakness Technical Impacts Business Impacts Application Specific Exploitability AVERAGE Prevalence WIDESPREAD Detectability AVERAGE Impact SEVERE Application / Business Specific Consider anonymous external attackers, as well…
#career… Malware Analysis With Valkyrie 22 Apr 201914 Oct 2019 Valkyrie is a malware analysis tool that's free for you for a year to try out. You can visit https://valkyrie.comodo.com to sign up. Once you sign up you will presented…
AppSec… Adblock Plus filter lists may execute arbitrary code 15 Apr 201915 Apr 2019 A new version of Adblock Plus was released on July 17, 2018. Version 3.2 introduced a new filter option for rewriting requests. A day later AdBlock followed suit and released…
AppSec… Emotet The Banking Trojan 11 Apr 2019 Emotet is a kind of malware originally designed as a banking Trojan aimed at stealing financial data, but it’s evolved to become a major threat to users everywhere. Let’s talk…
#career… Create An SQL Backdoor 7 Apr 20197 Apr 2019 SQL Malware affects a variety of database-driven applications, including but not limited to web applications, services, and desktop applications. This breed of malware is made possible by the SQL functionality for triggers and stored sub-procedures. Notice: SQL malware persists beyond deletion of rows…
#Metasploit… NetBIOS Auxiliary Modules 26 Mar 201927 Mar 2019 Full article: https://www.offensive-security.com/metasploit-unleashed/scanner-netbios-auxiliary-modules/ nbname The nbname auxiliary module scans a range of hosts and determines their hostnames via NetBIOS. msf > use auxiliary/scanner/netbios/nbname msf auxiliary(nbname) > show options Module options (auxiliary/scanner/netbios/nbname): Name…
AppSec… CSRF Code Examples and Defense 3 Mar 20193 Mar 2019 CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim's…
AppSec… VFEmail Suffers ‘Catastrophic’ Hack 13 Feb 2019 Email company VFEmail suffered what they call a "catastrophic" hack that destroyed their primary and backup data for the U.S. The firm’s founder says he now fears some 18 years’…
Bugs… Cuckoo – Sandboxed Malware Analysis 27 Dec 201822 Nov 2019 What is Cuckoo? Cuckoo Sandbox is the leading open source automated malware analysis system. You can throw any suspicious file at it and in a matter of minutes Cuckoo will provide…
AppSec… SQL Injection Attacks 20 Nov 2018 A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd…
#Metasploit… Payload in PDF 12 Nov 2018 Infected PDFs have always been a privileged way to infect users because this document format is very common and used by almost everyone. Moreover, it exists many ways to exploit Acrobat Reader…
#career… Now Is The Time, Linux is the Direction 11 Nov 201824 Jan 2019 Your future matters to us @ LSB, so get into Linux and see the new world it will open for you. Created by QuBits 2018-11-11
AppSec… OWASP Security Shepherd- Session Management Challenge One – Solution – LSB 12 Oct 201812 Oct 2018 We have another solution in the OWASP Security Shepherd challenges and we enjoyed completing this one. You can find out about Session Management from OWASP here. So let's get on…
AppSec… Penetration Testing – Complete Guide 10 Oct 201810 Dec 2018 What is Penetration Testing? It’s the process to identify security vulnerabilities in an application by evaluating the system or network with various malicious techniques. The weak points of a system…
AppSec… OWASP Security Shepherd – Failure To Restrict Access Solution – LSB 27 Sep 201827 May 2019 Am I Vulnerable To 'Failure to Restrict URL Access'? The best way to find out if an application has failed to properly restrict URL access is to verify every page. Consider for…
AppSec… OWASP Security Shepherd – SQL Injection Solution – LSB 15 Sep 201819 Sep 2019 A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data…
AppSec… Create a Persistent Back Door with Kali, Netcat and Weevely 13 Sep 201818 Jun 2020 This post will dive into how we can take advantage of a vulnerability in a web application to gain access and upload a backdoor that we can connect to in…
AppSec… OWASP Security Shepherd – Cross Site Scripting One Solution – LSB 12 Sep 201812 Sep 2018 Welcome back to LSB my budding hackers. Today's lesson is about Cross Site Scripting (Or XSS). Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected…
AppSec… OWASP Security Shepherd – Failure To Restrict Access Solution – LSB 7 Sep 20187 Sep 2018 What is Failure to Restrict URL Access Vulnerability/Threat? Failure to restrict URL access occurs in applications hide functionality from non-privileged users. In an application that fails to restrict URL access, administration…
AppSec… XSS in Canopy login page 21 Jun 201821 Jun 2018 [Description] CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users.This instance of stored cross-site scripting (XSS) vulnerability could…
Attacks… Removing Chrome Adware 30 Jan 201830 Jan 2018 Here are couple of suggestions. When I mention commands, those are to be issued in command-line aka terminal , which you can access by pressing CtrlAltT Remove google-chrome related folders,…
AppSec… Spamming Facebook Messages 3 Jan 201811 Apr 2018 We have reported this bug to Facebook and they replied asking "How is this different than hitting the message button?" If you want to spam everyone in the World that…
Attacks… Nmap Scripts for Recon 5 Dec 201727 Dec 2018 These Nmap NSE Scripts are all included in standard installations of Nmap. Use them to gather additional information on the targets you are scanning. The information can both add context…
Attacks… Hackers can bypass new protections in MacOS High Sierra 29 Nov 201729 Nov 2017 MacOS High Sierra protections can be bypassed, but will make security researchers and companies work more difficult Hackers can bypass a new security feature in MacOS High Sierra to load…
AppSec… OWASP – A2 – Broken Authentication and Session Management – LSB 24 Nov 201729 Jun 2018 Threat Agents Consider anonymous external attackers, as well as users with their own accounts, who may attempt to steal accounts from others. Also consider insiders wanting to disguise their actions.…
AppSec… Exploiting CSRF under NoScript Conditions 22 Nov 201716 Mar 2019 CSRFs -- or Cross-Site Request Forgery vulnerabilities -- occur when a server accepts requests that can be “spoofed” from a site running on a different domain. The attack goes something like this:…
Bugs… Amazon Key Lets Delivery People into Your House and It Just Got Hacked 16 Nov 201716 Nov 2017 A hardware safeguard in Amazon’s recently launched while-you’re-out delivery service turns out to have a big hole. And, well—let’s just say you probably should have seen this coming. Amazon Key uses a smart…
AppSec… On Web Extensions shortcomings and their impact on add-on security 12 Nov 201712 Nov 2017 Recently, I reported a security issue in the new Firefox Screenshots feature (fixed in Firefox 56). This issue is remarkable for a number of reasons. First of all, the vulnerable code was…
AppSec… OWASP Security Shepherd – Security Misconfiguration – Solution – LSB 2 Nov 201712 Dec 2019 Welcome back to another OWASP Security Shepherd solution. This challenge is called Security Misconfiguration. So we are given a Username and Password field and we can get the result key…
AppSec… Owasp Security Shepherd – Poor Data Validation – Solution – LSB 8 Sep 201710 Jun 2019 Welcome hackers to a new OWASP Security Shepherd solution. The challenge in question is the Poor Data Validation and this happens when data is only checked on the client side.…
AppSec… How to Hijack Web Browsers Using BeEF 28 Aug 20177 Nov 2017 Welcome back my fellow hackers! Today we’re going to be introducing a new tool for hacking web browsers. Often times, we will need to exploit a variety of vulnerabilities associated…
