synthesis – WindowsTechs.com

Possibility of arbitrary file upload where upload converted to png

Posted on November 15, 2021 by synthesis

Would a file upload function be vulnerable to code execution where the uploaded file is always converted to a PNG file by the application? For example, if one uploads shell.php and this file is converted into somerandomstring.png, can one … Continue reading Possibility of arbitrary file upload where upload converted to png→

Verifying IP addresses during pentest

Posted on October 10, 2021 by synthesis

When conducting an external pentest and the scope is broad covering everything owned by the client, how would you verify if the enumerated IP addresses belong to a client? Running ‘nslookup’ on the IP doesn’t always return anything and in … Continue reading Verifying IP addresses during pentest→

Is it acceptable to disclose tech stack in resume? [closed]

Posted on March 26, 2021 by synthesis

When applying for jobs using your resume, is it fine to include the specific technologies you used in your current role? For example, "Configured Suricata IDS on Security Onion" instead of "Configured IDS". I find that … Continue reading Is it acceptable to disclose tech stack in resume? [closed]→

Volatility: Issue with analyzing Windows 10 and Server 2016 systems

Posted on November 16, 2019 by synthesis

I am trying to use Volatility 2.6 to analyze memory dumps generated by DumpIt. I am experiencing an issue analyzing the memory dumps of two Windows 10 64 bit boxes (build numbers 18362.1 and 18362.476) and a Windows Server 20… Continue reading Volatility: Issue with analyzing Windows 10 and Server 2016 systems→

Attribute-based access control standard definition

Posted on July 25, 2019 by synthesis

While reading a number of definitions of attribute-based access control (ABAC), I found that there are two different definitions:

Access control decisions are made using the attributes of users,
objects and the environment…. Continue reading Attribute-based access control standard definition→

Windows process documentation for tuning Sysmon

Posted on January 16, 2019 by synthesis

I recently installed Sysmon, which logs events to OSSEC and currently monitors several endpoints. I have been trying to whitelist benign processes such as Windows services. Many of these processes run with commandline argumen… Continue reading Windows process documentation for tuning Sysmon→

Addressing availability element of CIA triad using technical controls

Posted on November 25, 2018 by synthesis

When looking at the availability element of the CIA triad, most definitions mention that availability is addressed through ensuring system up-time by using controls such as disaster recovery, business continuity, rate limitin… Continue reading Addressing availability element of CIA triad using technical controls→

Separation of duties for user account creation

Posted on November 11, 2018 by synthesis

Are there any implementations (such as Active Directory) that have applied separation of duties to user account creation, which would require the create user account task and approval task to be done by two different users?
… Continue reading Separation of duties for user account creation→

Benefit of using two network interfaces for intrusion detection system

Posted on June 10, 2018 by synthesis

What is the benefit of using two network interfaces (management interface and sniffing interface) for an IDS such as Snort? I have used a Snort IDS where it only used one network interface for both management and sniffing and… Continue reading Benefit of using two network interfaces for intrusion detection system→