Jul 032014
 

Recently, I found an interesting issue qualifying on Yahoo! Pipes. But before going into the details of this specific issue, let’s understand some basic points. What does Authorization mean? In general, authorization relates to the set of activities which a user can perform once logged on to a particular system. This is typically divided into the following two categories: Horizontal Privilege – Basically all user having same the same rights – for example, all Facebook Read More…

Jul 012014
 

Couple of days back, I reported XSS and Content Spoofing on LinkedIn. Here are the details of the issues. Cross Site Scripting: What is Cross Site Scripting? XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the Read More…

Apr 302014
 

During a routine penetration testing engagement, we found an IIS webserver with HTTP methods (verbs) like PUT and DELETE enabled on it. During enumeration of the web server we figured it was configured to run PHP as well. The PUT method allows an attacker to place a file on the server. Uploading a web shell was our obvious choice. However due to some security settings enabled on the server we were unable to upload any Read More…

 Posted by at 4:05 pm
Apr 172014
 

Scenario: One of our clients observed a suspicious behavior in a program and wanted us to analyze and identify if any malicious activities were being performed by the same. The program wasn’t detected by their anti-virus solution during ‘file access operations’. However, some unusual outbound network traffic triggered alerts from the network monitoring team. Filename Size (in bytes) File Type Hash pprtc.exe 71,168 PE (Win32) (MD5)dda3b490cd01690e12b280e5bb935bce (SHA1)ca4175a0c526d1be74fd1b00668e0799e41f0e76 Table 1: Suspect File Details Opening the file Read More…

Apr 102014
 

Heartbleed Advisory & FAQ Please find below a quick FAQ on the Heartbleed vulnerability and what you can to address it: UPDATE June 5, 2014: 7 New bugs fixed in OpenSSL Q. What is the Heartbleed vulnerability and what is its impact? The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This includes pretty much all Apache web servers as Read More…

Mar 292014
 

Most large organizations provide wireless facilities for their guest, which may include vendors, consultants, business associates, employees from other regions etc. Certain points should be considered while implementing a guest wireless network. Encryption in use Captive Portals or Guest Authentication Network Segregation Finding the SSID of a Hidden wireless network To simplify the connectivity for guest devices some organizations configure their networks without encryption i.e. ‘OPEN’. To prevent un-authorized entities from connecting to their networks Read More…

Jan 282014
 

SQL injection – one of the most critical vulnerabilities till now – is still included in the OWASP Top 10 list’s Injection flaws section. SQLMap is a tool that helps penetration testers prove that SQL injection is one the most critical vulnerabilities present in enterprise security. ‘SQLMap’is a simple python based tool to exploit SQL injection vulnerabilities to the level where it raises eyebrows becausethis tool can be used: To scan web application for SQL Read More…