Antiviruses are extremely useful tools – but not in situations when you need to remain unnoticed on an attacked network. Today, I will explain how to fool antivirus programs and avoid detection in compromised systems during penetration testing.
Read full article →

Dangerous developments: An overview of vulnerabilities in coding services
Development and workflow management tools represent an entire class of programs whose vulnerabilities and misconfigurations can turn into real trouble for a company using such software. For a pentester, knowledge of these bugs is a path to successful exploitation; for an admin, it’s a great opportunity to strengthen the protection. This article discusses vulnerabilities discovered in Jira, Confluence, Asana, Docker, GitLab, and other similar products.
Read full article →

Kernel exploitation for newbies: from compilation to privilege escalation
Theory is nothing without practice. Today, I will explain the nature of Linux kernel vulnerabilities and will show how to exploit them. Get ready for an exciting journey: you will create your own Linux kernel module and use it to escalate your privileges to superuser. Then you’ll build a Linux kernel with a vulnerable module, prepare everything required to run the kernel in a QEMU virtual machine, and automate the kernel module loading process. Finally, you will learn how to debug the kernel and use the ROP technique to gain root privileges.
Read full article →

First contact: An introduction to credit card security
I bet you have several cards issued by international payment systems (e.g. Visa or MasterCard) in your wallet. Do you know what algorithms are used in these cards? How secure are your payments? People pay with such cards every day but know very little about them. Numerous myths surround card payments. But to understand what tricks can be used to steal money from a card, you must first get an idea of the payment mechanisms it relies on.
Read full article →

Bug in Laravel. Disassembling an exploit that allows RCE in a popular PHP framework
Bad news: the Ignition library shipped with the Laravel PHP web framework contains a vulnerability. The bug enables unauthorized users to execute arbitrary code. This article examines the mistake made by the Ignition developers and discusses two exploitation methods for this vulnerability.
Read full article →

Step by Step. Automating multistep attacks in Burp Suite
When you attack a web app, you sometimes have to perform a certain sequence of actions multiple times (e.g. brute-force a password or the second authentication factor, repeatedly use the same resource, etc.). There are plenty of tools designed for this purpose. Which one to choose if you need, for instance, to make five requests over HTTP a thousand times in a row, while maintaining the same session? My choice is Burp Suite, and in this article, I will explain why.
Read full article →

Post-quantum VPN. Understanding quantum computers and installing OpenVPN to protect them against future threats
Quantum computers have been widely discussed since the 1980s. Even though very few people have dealt with them so far, such devices are steadily becoming a harsh reality that threatens traditional cryptography. In response to this threat, computer engineers have developed post-quantum encryption algorithms. In this article, I will show how these algorithms are applied in OpenVPN and will give an overview of the current situation in the world of quantum technologies.
Read full article →