Martin Fürholz – WindowsTechs.com

Secure a virtual machine during a lab exercise

Posted on July 19, 2020 by Martin Fürholz

I recently started the Offensive Security AWAE course.
On their connectivity guide page, they warn about the hazards of connecting to their labs:

you will be exposing your computers’ VPN IP to other students taking the course with you. Du… Continue reading Secure a virtual machine during a lab exercise→

Is it bad practice to request different representations with the exact same GET request, and are there security concerns? [closed]

Posted on June 15, 2020 by Martin Fürholz

I am testing some mobile banking app.
They have a feature to fill in all info for a payment automatically.
It does that with two requests:

A POST request to POST paymentdata.php, which submits all payment
data (account no., name, amount, … Continue reading Is it bad practice to request different representations with the exact same GET request, and are there security concerns? [closed]→

What is the use case of request signing in this mobile app?

Posted on February 11, 2020 by Martin Fürholz

The API of a mobile app I was testing is sending the AWS AccessKeyId and SecretKey used for request signing from the AWS Cognito server unencrypted (apart from the regular TLS encryption). Making it possible to re-sign all requests to thei… Continue reading What is the use case of request signing in this mobile app?→

CSRF token unique per user session – Why?

Posted on May 11, 2019 by Martin Fürholz

OWASP recommends that a CSRF token should be unique per user session.

What is the attack vector or reasoning behind that?
How could an attacker exploit a web application that does not invalidate the CSRF token after logout … Continue reading CSRF token unique per user session – Why?→

Vulnerable web application – sql-injection that’s hard to find with a regular scanner like sqlmap

Posted on February 16, 2019 by Martin Fürholz

I am creating a “vulnerable web application”.

Is there a way to create a sql-injection vulnerability that is easy to spot during manual testing, but very hard (or impossible) for a regular sqli-scanner like sqlmap or “burp a… Continue reading Vulnerable web application – sql-injection that’s hard to find with a regular scanner like sqlmap→

How can I replicate Chromes behavior where the Google passwords are not contained in the memory-dump for other sites?

Posted on September 23, 2017 by Martin Fürholz

I did some testing, and found that a memory dump of Chrome doesn’t hold the password of gmail.com/Google after logging in to that site.

(My System is Windows 10 64bit Professional, Chrome 60).

I can find the passwords of al… Continue reading How can I replicate Chromes behavior where the Google passwords are not contained in the memory-dump for other sites?→

Is there a way to make the browser remove the login-password from it’s memory immediately, like Chrome seems to do on accounts.google.com?

Posted on September 23, 2017 by Martin Fürholz

I did some testing, and found that a memory dump of Chrome doesn’t hold the password of gmail.com/Google after logging in to that site (the login happens on accounts.google.com).

(My System is Windows 10 64bit Professional, … Continue reading Is there a way to make the browser remove the login-password from it’s memory immediately, like Chrome seems to do on accounts.google.com?→

Burp+Genymotion: Not all traffic from app in Emulator proxied through Burp

Posted on May 16, 2017 by Martin Fürholz

I’ve set up Burp+Genymotion like this: https://linuxsuperuser.com/configure-burp-suite-proxy-genymotion/ to do some penetration testing on Android apps for work.

The Genymotion (Android 6.0.0, API 23) Wifi settings are:

pro… Continue reading Burp+Genymotion: Not all traffic from app in Emulator proxied through Burp→