The truth is that when reputable information security specialists are engaged to perform a no holds barred internal network penetration test or red teaming exercise for a client, they will gain full administrative…
Although not a good read (in terms of being engaging or interesting), you'll find that a lot of security professionals will use something like the Center for Internet Security (CIS) benchmark when doing a formal audit…
Great idea for a project. Nice job. It says in the About section on the home page "Unless someone can intercept your local traffic and our traffic to a site, you'll be able to spot MITM attacks". I'd argue that this is…
"NoSQL, or rather NoAuthentication, has been a huge gift to the hacker community. Just when I was worried that they'd finally patched all of the authentication bypass bugs in MySQL, new databases came into style that…
"We are currently utilizing advanced protocols including double salted hashes" Shudder. Whenever someone starts talking about double salting, triple salting or even just salting, it's usually a sign that they are doing…
When an application residing at one.example.com sets a cookie, the browser by default resubmits the cookie in all subsequent requests to one.example.com and also to any subdomains, such as sub.one.example.com. It does…
Sure. But it would be a stretch to find any financial institution with as many as 360 million customer records. Maybe one of the state-owned commercial banks in China being the exception. And more to the point, the…
"The passwords are stored as SHA1 hashes of the first 10 characters of the password converted to lowercase. That's right, truncated and case insensitive passwords stored without a salt" I'm surprised this fact is not…
This is one of those cases where it's the responsibility of the bug bounty platform operator (HackerOne) to ensure that its customer (PornHub) deals appropriately with bug bounty participants. If PornHub doesn't offer a…
A similar anti-CSRF measure is implemented in some application frameworks by default. For example, When performing XHR requests in AngularJS, "the $http service reads a token from a cookie (by default, XSRF-TOKEN) and…
I'm a few chapters into Silence on the Wire and enjoying it. Zalewski is brilliant. It's very theoretical however. I'd only recommend it if your motive for reading it is pure interest rather than a desire to pick up…
Agreed. However, in a formal penetration testing engagement, the tester will usually only record and document their exact steps because they have to provide a detailed report to their client. This hacker didn't have…
Bcrypt has built-in salts to prevent rainbow (i.e. lookup) table attacks. More to the point, modern password cracking doesn't usually involve the use of rainbow tables anyway. GPU speed has improved at such a rate that…
"The rationale was that as technology progressed and password cracking became easier, users could be contacted to update their password." I would argue that this a misguided motivation for storing the password entropy.…
I say use secure templating because you need highly contextual encoding. As this article points out, escapes for HTML will not work in Javascript I just wanted to reinforce this comment because I work in infosec (mostly…
I can't live without vimperator nowadays. It's the only thing stopping me from switching to Chrome from FF (and yes, i know there are other similar vi extensions for Chrome but none seem as good as vimperator for FF).
As per my other comment below, the intended use case for SQLmap is more around exploitation rather than identifying injection points. Penetration testers will usually identify the injectable parameters through other…
In my opinion, this is not really SQLMaps intended use case. It's essentially an exploitation tool for penetration testers and doesn't provide a proper mechanism to just scan your app looking for SQL injection points.…
I've been doing penetration testing of web applications professionally for about 5 years now. The incidence of SQLi has definitely decreased over the years but I would estimate that we still identify it on approximately…
Yes, this class of web vulnerability is called Cross-Site Request Forgery or CSRF (https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%...). The Same Origin Policy (SOP) prevents one domain from receiving the…
The truth is that when reputable information security specialists are engaged to perform a no holds barred internal network penetration test or red teaming exercise for a client, they will gain full administrative…
Although not a good read (in terms of being engaging or interesting), you'll find that a lot of security professionals will use something like the Center for Internet Security (CIS) benchmark when doing a formal audit…
Great idea for a project. Nice job. It says in the About section on the home page "Unless someone can intercept your local traffic and our traffic to a site, you'll be able to spot MITM attacks". I'd argue that this is…
"NoSQL, or rather NoAuthentication, has been a huge gift to the hacker community. Just when I was worried that they'd finally patched all of the authentication bypass bugs in MySQL, new databases came into style that…
"We are currently utilizing advanced protocols including double salted hashes" Shudder. Whenever someone starts talking about double salting, triple salting or even just salting, it's usually a sign that they are doing…
When an application residing at one.example.com sets a cookie, the browser by default resubmits the cookie in all subsequent requests to one.example.com and also to any subdomains, such as sub.one.example.com. It does…
Sure. But it would be a stretch to find any financial institution with as many as 360 million customer records. Maybe one of the state-owned commercial banks in China being the exception. And more to the point, the…
"The passwords are stored as SHA1 hashes of the first 10 characters of the password converted to lowercase. That's right, truncated and case insensitive passwords stored without a salt" I'm surprised this fact is not…
This is one of those cases where it's the responsibility of the bug bounty platform operator (HackerOne) to ensure that its customer (PornHub) deals appropriately with bug bounty participants. If PornHub doesn't offer a…
A similar anti-CSRF measure is implemented in some application frameworks by default. For example, When performing XHR requests in AngularJS, "the $http service reads a token from a cookie (by default, XSRF-TOKEN) and…
I'm a few chapters into Silence on the Wire and enjoying it. Zalewski is brilliant. It's very theoretical however. I'd only recommend it if your motive for reading it is pure interest rather than a desire to pick up…
Agreed. However, in a formal penetration testing engagement, the tester will usually only record and document their exact steps because they have to provide a detailed report to their client. This hacker didn't have…
Bcrypt has built-in salts to prevent rainbow (i.e. lookup) table attacks. More to the point, modern password cracking doesn't usually involve the use of rainbow tables anyway. GPU speed has improved at such a rate that…
"The rationale was that as technology progressed and password cracking became easier, users could be contacted to update their password." I would argue that this a misguided motivation for storing the password entropy.…
I say use secure templating because you need highly contextual encoding. As this article points out, escapes for HTML will not work in Javascript I just wanted to reinforce this comment because I work in infosec (mostly…
I can't live without vimperator nowadays. It's the only thing stopping me from switching to Chrome from FF (and yes, i know there are other similar vi extensions for Chrome but none seem as good as vimperator for FF).
As per my other comment below, the intended use case for SQLmap is more around exploitation rather than identifying injection points. Penetration testers will usually identify the injectable parameters through other…
In my opinion, this is not really SQLMaps intended use case. It's essentially an exploitation tool for penetration testers and doesn't provide a proper mechanism to just scan your app looking for SQL injection points.…
I've been doing penetration testing of web applications professionally for about 5 years now. The incidence of SQLi has definitely decreased over the years but I would estimate that we still identify it on approximately…
Yes, this class of web vulnerability is called Cross-Site Request Forgery or CSRF (https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%...). The Same Origin Policy (SOP) prevents one domain from receiving the…