Watch Out for UUIDs in Request Parameters

The Plugin: https://github.com/GeoffWalton/UUID-Watcher Some time ago on the TrustedSec Security Podcast, I shared a Burp Suite plugin I developed to hunt Insecure Direct Object Reference (IDOR) issues where applications might be using UUIDs or GUIDs (unique identifiers) as keys, assuming discovery attacks will not be possible. The plugin produces a report that helps identify which…

The post Watch Out for UUIDs in Request Parameters appeared first on TrustedSec.

Scraping Login Credentials With XSS

Unauthenticated JavaScript Fun In prior blog posts I’ve shown the types of weaponized XSS attacks one can perform against authenticated users, using their session to access and exfiltrate data, or perform actions in the application as that user. But what if you only have unauthenticated XSS? Perhaps your client hasn’t provided you with credentials to…

Avoiding Mixed Content Errors with an HTTPS Python Server

Disclaimer: To set up a secure Python server, we need a domain name that we can access. 1. Introduction At some point during penetration testing, bug hunting, and capture the flag competitions, we will likely need to download a file or send a request to a server that we can access. Depending on what we…

Hacking the My Arcade Contra Pocket Player – Part I

Intro I was at my local Target recently and spotted the section near the video games, where there were some little collectable arcade systems and handhelds that play games like Pac-Man, Galaga, and Contra. Whenever I see these types of systems, I like to pick one up to tear it apart and see what’s inside….

Persistence Through Service Workers-Part 3: Easy JavaScript Payload Deployment

In “Persistence Through Service Workers—PART 2: C2 Setup and Use,” we demonstrated setting up the Shadow Workers C2 server and how to add both the service worker JavaScript and what Shadow Workers calls the “XSS Payload” JavaScript to the target application. In the example, we didn’t load the “XSS Payload” through a cross-site scripting vulnerability….

Persistence Through Service Workers—Part 2: C2 Setup and Use

In Part 1 of this 2-part blog, we provided an overview of service workers and created an appropriate target application to exploit using Shadow Workers. In this blog post we’ll build our C2 server in Digital Ocean and use Shadow Workers to exploit the target application. It is highly recommended to read Part 1 prior…

Persistence Through Service Workers—Part 1: Introduction and Target Application Setup

During a recent discussion about achieving persistence on a web server, someone suggested that I explore using browser service workers. As I began reading about what service workers do, the possibilities for Red Team applications seemed intriguing. But first, I had to find out…what exactly is a service worker? In their efforts to make web…

Update: The Defensive Security Strategy

Original post: https://www.trustedsec.com/blog/the-defensive-security-strategy-what-strategy/ Massive exposures and attacks, such as recent SolarWinds and Exchange exploit issues, have been common news lately. While the security landscape has advanced and changed, these massive exposures are continuing to occur. The question is why, and how, are they occurring? While common issues are often leveraged, the mentality around them is…

Introducing iHide – A New Jailbreak Detection Bypass Tool

Today, we are releasing iHide, a new tool for bypassing jailbreak detection in iOS applications. You can install iHide by adding the repo https://repo.kc57.com in Cydia or clicking here on an iOS device with Cydia installed. Additionally, you can check out the code and build/install it yourself if you prefer. Once installed, iHide will add…

Oh, Behave! Figuring Out User Behavior

One topic that has always been of interest to me is how users actually use their computers. While TrustedSec does have the ability to understand a system when we encounter it, there are still mysteries around normal user behavior. Understanding user behavior becomes even more important when attempting to defeat next generation of EDRs that…
