Responsive image

Practical Web Cache Poisoning

Web cache poisoning has long been an elusive vulnerability, a 'theoretical' threat used mostly to scare developers into obediently patching issues that nobody could actually exploit.
Tags: burp,exploit,method,cache,security

NTLM Credentials Theft via PDF Filesned

Just a few days after it was reported that malicious actors can exploit a vulnerability in MS outlook using OLE to steal a Windows user’s NTLM hashes, the Check Point research team can also reveal that NTLM hash leaks can also be achieved via PDF files with no user interaction or exploitation.
Tags: exploit,pdf,CVE-2018-4993

How to Read an RFC

For better or worse, Requests for Comments (RFCs) are how we specify many protocols on the Internet. These documents are alternatively treated as holy texts by developers who parse them for hidden meanings, then shunned as irrelevant because they can’t be understood. This often leads to frustration and – more significantly – interoperability and security issues.
Tags: rfc

SSRF bible. Cheatsheet - Google Docs

SSRF - Server Side Request Forgery attacks. The ability to create requests from the vulnerable server to intra/internet. Using a protocol supported by available URI schemas, you can communicate with services running on other protocols. Here we collect the various options and examples (exploits) of such interaction.
Tags: ssrf,security,web,appsec

GhostPack – harmj0y

Anyone who has followed myself or my teammates at SpecterOps for a while knows that we’re fairly big fans of PowerShell. I’ve been involved in offensive PowerShell for about 4 years, @mattifestation was the founder of PowerSploit and various defensive projects, @jaredcatkinson has been writing defensive PowerShell for years, and many of my teammates (@tifkin_, @enigma0x3, rvrsh3ll, @xorrior, @andrewchiles, and others) have written various security-related PowerShell projects over the past several years, totaling thousands of lines of code.
Tags: security,powershell,offensive

Complete Domain Compromise with Golden Tickets | Insider Threat Blog

Use Mimikatz to get password hashes for the KRBTGT account to forge Kerberos tickets (TGTs), Golden Tickets, to compromise all accounts in Active Directory.
Tags: windows,security,tickets,golden

Security - WebAssembly

The security model of WebAssembly has two important goals: (1) protect users from buggy or malicious modules, and (2) provide developers with useful primitives and mitigations for developing safe applications, within the constraints of (1).
Tags: web,assembly,security

Is WebAssembly the return of Java Applets & Flash?

In my last post on WebAssembly, I made the following claim: Some have compared WebAssembly to Java applets; in some ways, they’re very right, but in some ways, they’re very wrong. Eventually I’ll write a post about the wrong, but for now, the... | Steve Klabnik | “The most violent element in society is ignorance.” - Emma Goldman

Detecting the use of "curl | bash" server side | Application Security

Another reason not to pipe from curl to bash. Detecting curl | bash serverside.
Tags: bash,curl,security,piping

My PoC walk through for CVE-2018–6789 – Bruce Lee – Medium

On March 6, 2018, a security researcher named “meh” (will be referred to as author from now on) published a blog post[1] on the vulnerability CVE-2018–6789 that she identified in EXIM 4.89 and below…
Tags: cve,poc,walkthorugh,tutorial,exploit