Basic Authentication Versus CSRF

I was recently involved in an engagement where access was controlled by Basic Authentication. One (1) of the findings I discovered was a Cross-Site Request Forgery (CSRF) vulnerability. The client was unsure of the best approach to prevent CSRF in the context of using Basic Authentication. In this blog post, I will examine the security…

The post Basic Authentication Versus CSRF appeared first on TrustedSec.


Introducing CoWitness: Enhancing Web Application Testing With External Service Interaction

As a web application tester, I encounter a recurring challenge in my work: receiving incomplete responses from Burp Collaborator during DNS and HTTP response testing. For example, Collaborator will provide the IP address that performed the DNS lookup or HTTP request. Sometimes, these responses turn out to be false positives caused by intrusion protection…

The post Introducing CoWitness: Enhancing Web Application Testing With External Service Interaction appeared first on TrustedSec.


Better Hacking Through Cracking: Know Your Rules

THIS POST WAS WRITTEN BY @NYXGEEK. Intro: Password recovery tool hashcat ships with a bunch of great rules, but have you actually looked at them? Being familiar with the built-in rules can help enhance your cracking capabilities and enable you to choose the right rule or rule combination. So where are these rules anyways?…

The post Better Hacking Through Cracking: Know Your Rules appeared first on TrustedSec.


Cisco Hackery: TcL Proxy

Since moving to an offensive security role, I have always wanted to use SSH port forwarding through a Cisco router during a Penetration Test. However, the SSH implementation on a Cisco device does not provide the ability to customize the sshd_config file permitting port forwarding. Although there is the possibility of leveraging network address translation…

The post Cisco Hackery: TcL Proxy appeared first on TrustedSec.


Android Hacking for Beginners

1.1 Prerequisites: As discussed in the previous blog post, an Android emulator was set up for testing a mobile application. Some of the most common tools were configured to see the application’s environment details and start probing for potential flaws. If you followed my previous post, you should now have a lab set up with…

The post Android Hacking for Beginners appeared first on TrustedSec.


Disabling AV With Process Suspension

Every now and again, I see a crazy tweet that feels like it just can’t be true. Many of them are not true or are folks making overblown statements about something cool they found—this is part of the research game, and folks are entitled to be excited about what they are learning. Recently, however, I…

The post Disabling AV With Process Suspension appeared first on TrustedSec.


BOFs for Script Kiddies

Introduction: I hope I don’t sound like a complete n00b, but what or who or where is a BOF? All the cool kids are talking about it, and I just smile and nod. Is he the newest Crypto billionaire, or is a meetup for like-minded hackers, or is it some other 1337 slang? I understand…

The post BOFs for Script Kiddies appeared first on TrustedSec.


Azure AD Kerberos Tickets: Pivoting to the Cloud

If you’ve ever been doing an Internal Penetration test where you’ve reached Domain Admin status and you have a cloud presence, your entire Azure cloud can still be compromised. In this blog, I’ll take you through this scenario and show you the dangers of machine account SSO compromise. We will do so without extracting any…

The post Azure AD Kerberos Tickets: Pivoting to the Cloud appeared first on TrustedSec.


Operator’s Guide to the Meterpreter BOFLoader

1.1 Introduction: Recently, myself and a few friends decided to port my coworker Kevin Haubris’ COFFLoader project to Metasploit. This new BOFLoader extension allows Beacon Object Files (BOFs) to be used from a Meterpreter session. This addition unlocks many new possibilities for Meterpreter and, in my opinion, elevates Meterpreter back up to the status of…

The post Operator’s Guide to the Meterpreter BOFLoader appeared first on TrustedSec.


A LAPS(e) in Judgement

As security practitioners, we live in a time where there is an abundance of tools and solutions to help us secure our homes, organizations, and critical data. We know the dangers of unpatched applications and devices as well as the virtues of things like password managers and encrypted databases to protect our passwords and other…

The post A LAPS(e) in Judgement appeared first on TrustedSec.
