Common Conditional Access Misconfigurations and Bypasses in Azure

Conditional Access is widely used in Azure to prevent unauthorized access. When it works, it can shut down attacks, even if the user’s password is known. However, it doesn’t always work as intended. For this blog post I wanted to provide an in-depth look at common Conditional Access configurations in Azure, along with potential bypasses….

The post Common Conditional Access Misconfigurations and Bypasses in Azure appeared first on TrustedSec.

Continue reading Common Conditional Access Misconfigurations and Bypasses in Azure

Working with data in JSON format

What is JSON? JSON is an acronym for JavaScript Object Notation. For years it has been in use as a common serialization format for APIs across the web. It also has gained favor as a format for logging (particularly for use in structured logging). Now, it has become even more common for…


Watch Out for UUIDs in Request Parameters

The Plugin: https://github.com/GeoffWalton/UUID-Watcher Some time ago on the TrustedSec Security Podcast, I shared a Burp Suite plugin I developed to hunt Insecure Direct Object Reference (IDOR) issues where applications might be using UUIDs or GUIDs (unique identifiers) as keys, assuming discovery attacks will not be possible. The plugin produces a report that helps identify which…


I Wanna Go Fast, Really Fast, like (Kerberos) FAST

Introduction At TrustedSec, we weigh an information security program’s ability to defend against a single specified attack by measuring detection, deflection, and deterrence. Now, while the majority of my blog posts have concentrated on detection, this post is more ‘deterrence’ focused. I first heard about Kerberos FAST from Steve Syfuhs (@SteveSyfuhs) of Microsoft…


Practical Attacks against NTLMv1

Introduction This blog is meant to serve as a guide for practical exploitation of systems that allow the NTLMv1 authentication protocol. While NTLMv1 is hardly ever needed anymore, a surprising number of organizations still use it, perhaps unknowingly. There are, however, some VPN products that still currently instruct their users to downgrade NTLM…


Detection and Alerting: Selecting a SIEM

Summary Basic SIEM requirements should be in place to create mature detections for a variety of log sources, including network logs, system logs, and application logs (including custom applications). This focuses on Security Operations and does not include the engineering side of SIEM management, e.g., licensing, hardware/cloud requirements, retention needs, etc. Each component of the…


Scraping Login Credentials With XSS

Unauthenticated JavaScript Fun In prior blog posts I’ve shown the types of weaponized XSS attacks one can perform against authenticated users, using their session to access and exfiltrate data, or perform actions in the application as that user. But what if you only have unauthenticated XSS? Perhaps your client hasn’t provided you with credentials to…


A Diamond in the Ruff

This blog post was co-authored with Charlie Clark at Semperis. Background of the ‘Diamond’ Attack One day, while browsing YouTube, we came across an older presentation from Black Hat 2015 by Tal Be’ery and Michael Cherny. In their talk, and subsequent brief, WATCHING THE WATCHDOG: PROTECTING KERBEROS AUTHENTICATION WITH NETWORK MONITORING, they outlined something we…


WMI Providers for Script Kiddies

Introduction So, this WMI stuff seems legit. Admins get a powerful tool which Script Kiddies can also use for profit. But there’s gotta be more, right? What if I want to take my WMI-fu to the next level? In the previous blog post, “WMI for Script Kiddies,” we described Windows Management Instrumentation (WMI). We detailed…


Intro to Web App Security Testing: Burp Suite Tips & Tricks

A brief list of useful things we wish we had known sooner Burp Suite Pro can be complicated and intimidating. Even after learning and becoming comfortable with the core functionality, there remains a great deal of depth throughout Burp Suite, and many users may not stray far from the staples they know. However, after years…
