Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

YOUR WEBSITE HAS ASSETS – YOU NEED SRI- 33

Lukas Vileikis    Posted 6 Years Ago
  • Loading external scripts from other websites is quite common. So, what if one of these scripts is compromised?
  • You are essentially screwed! So, this article suggests adding Subresource Integrity (SRI) checks by validating the fetched script against a hash.
  • This can be done manually, in the code, or by using the Content Security Policy (CSP). Overall, a great measure for defense-in-depth!
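As an added example (not from the article), the hash computation behind an SRI `integrity` attribute, plus the browser's matching rule for multiple listed hashes, written here in Python so the pinned value can be generated at build time; the sample script bytes are constructed.

```python
import base64
import hashlib
import hmac

# Algorithms the SRI specification allows, weakest to strongest.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")

def sri_hash(content: bytes, algorithm: str = "sha384") -> str:
    """Return the integrity metadata for `content`, e.g. 'sha384-<base64 digest>'."""
    if algorithm not in SRI_ALGORITHMS:
        raise ValueError("SRI only permits sha256, sha384 or sha512")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"

def verify_sri(content: bytes, integrity: str) -> bool:
    """Apply the browser rule: of the listed hashes, only those using the strongest
    algorithm count, and the resource passes if any one of them matches."""
    by_algorithm = {}
    for token in integrity.split():
        algorithm, _, digest = token.partition("-")
        if algorithm in SRI_ALGORITHMS:
            by_algorithm.setdefault(algorithm, []).append(digest)
    if not by_algorithm:
        # A browser would load the resource unchecked here; an audit tool fails closed.
        return False
    strongest = max(by_algorithm, key=SRI_ALGORITHMS.index)
    actual = sri_hash(content, strongest).split("-", 1)[1]
    return any(hmac.compare_digest(actual, d) for d in by_algorithm[strongest])

def script_tag(src: str, content: bytes) -> str:
    """Build a <script> tag pinned to the reviewed content of `src`.
    crossorigin="anonymous" is required for SRI checks on cross-origin resources."""
    return (f'<script src="{src}" integrity="{sri_hash(content)}" '
            f'crossorigin="anonymous"></script>')

# Constructed sample: the third-party script as reviewed and pinned.
SCRIPT = b'window.widget = function () { return "ok"; };\n'
# The same script after an unexpected change on the third-party host.
TAMPERED = SCRIPT.replace(b'"ok"', b'"changed"')
```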

Oracle Peoplesoft: XXE to RCE- 32

Ambionics    Posted 6 Years Ago
  • The GET/POST parameters were being translated into a SOAP request (sort of like REST but with XML).
  • By exploiting this feature, it was possible to write your own XML to alter the request.
  • By using AXIS (I have no idea what that is) it was possible to get an RCE, just from writing the XML!

Bypassing Payments using Webhooks- 31

Jack Cable    Posted 6 Years Ago
  • The first point is really interesting! People on bug bounty programs tend to look for the same bugs. So, this guy recommends looking for functionality not usually visible to the user.
  • Normally, the payment flow is handled between the payment provider and the server. However, this person stumbled upon the internal API docs for Stripe.
  • This API was not locked down because users did not usually visit it.
  • By using this API, it was possible to forge a payment request.
  • Payment-related webhooks are commonly used in subscription-based programs. So, this could be a jackpot!
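The mitigation a receiving server wants against forged payment events is to authenticate every webhook before acting on it. This added example (not from the write-up) is modelled on the timestamp-plus-HMAC scheme payment providers commonly document; the `t=...,v1=...` header layout, secret and event payload are constructed for illustration.

```python
import hashlib
import hmac
import json

TOLERANCE_SECONDS = 300   # reject events whose timestamp is off by more than 5 minutes

def sign_webhook(secret: bytes, payload: bytes, timestamp: int) -> str:
    """Provider side: sign '<timestamp>.<payload>' and emit a 't=...,v1=...' header."""
    mac = hmac.new(secret, f"{timestamp}.".encode() + payload, hashlib.sha256)
    return f"t={timestamp},v1={mac.hexdigest()}"

def verify_webhook(secret: bytes, payload: bytes, header: str, now: int) -> bool:
    """Receiver side: authenticate the event before trusting a word of it."""
    fields = {}
    for item in header.split(","):
        key, _, value = item.partition("=")
        fields[key.strip()] = value.strip()
    try:
        timestamp = int(fields["t"])
    except (KeyError, ValueError):
        return False                      # malformed header
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return False                      # stale or replayed event
    expected = hmac.new(secret, f"{timestamp}.".encode() + payload,
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, fields.get("v1", ""))

def handle_event(secret: bytes, payload: bytes, header: str, now: int) -> str:
    """Decide what the application does with an incoming event."""
    if not verify_webhook(secret, payload, header, now):
        return "rejected"
    event = json.loads(payload)
    # Only a provider-signed 'invoice.paid' unlocks the subscription; the same
    # JSON posted by a client without the secret never reaches this branch.
    return "activate" if event.get("type") == "invoice.paid" else "ignored"

# Constructed sample data (not from any real provider or account).
SECRET = b"whsec_constructed_example_secret"
PAYLOAD = json.dumps({"id": "evt_constructed_001", "type": "invoice.paid"}).encode()
NOW = 1_700_000_000
```

Providers that expose an event-retrieval API let you go one step further and fetch the event by id, so the payload you act on is the provider's copy rather than the one delivered to you.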

Look-Alike Domains and Visual Confusion- 30

Krebs On Security    Posted 6 Years Ago
  • Character sets are an interesting thing! The path from ASCII to Unicode is a very odd history.
  • Krebs is talking about domains that have similar-looking characters.
  • Someone could register "amazon.com" but with one letter replaced by a similar-looking Unicode character instead of the normal ASCII a.
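A defender's check for the substitution Krebs describes, as an added example not from his article: flag labels that contain non-ASCII letters or mix scripts, and render the domain in punycode so the swap is visible in logs and alerts. The script detection is a heuristic on Unicode character names, not the full UTS #39 confusables algorithm, and the look-alike domain is constructed.

```python
import unicodedata

def script_of(ch: str) -> str:
    """Approximate a letter's script from the first word of its Unicode name,
    e.g. 'LATIN SMALL LETTER A' -> 'LATIN', 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC'."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def analyze_domain(domain: str) -> dict:
    """Flag labels that use non-ASCII letters or mix scripts, and produce the
    punycode form a registrar or address bar actually handles.
    A single-script IDN is legitimate but is still flagged for human review."""
    suspicious = []
    for label in domain.split("."):
        scripts = {script_of(ch) for ch in label if ch.isalpha()}
        has_non_ascii = any(not ch.isascii() for ch in label)
        if has_non_ascii or len(scripts) > 1:
            suspicious.append(label)
    try:
        punycode = domain.encode("idna").decode("ascii")
    except UnicodeError:
        punycode = None                   # not a valid IDNA domain at all
    return {"punycode": punycode, "suspicious": suspicious}

def display_form(domain: str) -> str:
    """What a user-facing log or alert should show: plain ASCII stays as-is,
    anything flagged is shown in punycode so the substitution cannot hide."""
    info = analyze_domain(domain)
    if not info["suspicious"]:
        return domain
    return info["punycode"] or domain

# Constructed examples: the genuine name and a copy whose second 'a' is Cyrillic U+0430.
GENUINE = "amazon.com"
LOOKALIKE = "am\u0430zon.com"
```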

Gaining Domain Admin from Outside Active Directory- 29

markitzeroday.com    Posted 6 Years Ago
  • Just a story about an internal pentest. A super fun read! The highlights are listed below:
  • Test the easy stuff! Even when you do not think it is going to work, it's a free pass :)
  • The cracked password was Winter2018!. Remember to look at the password rules for a given company. This will give you an idea of what the password may be. In particular, if there is a quarterly password change, people may use the season + year as the password.
  • Use all avenues, even the stupid simple ones :)

How to Break Encryption 101- 28

Malware Bytes    Posted 6 Years Ago
  • In this, the author chooses a piece of malware to describe how its encryption was broken. First, we need to find a mistake. But, what does a mistake look like? Anything from weak encryption algorithms to poor key generators to server-side vulnerabilities.
  • The first step is identifying where the encryption is being done. Note: There could be multiple encryption algorithms within a single binary.
  • A common issue is with random number generators. Some generators are indistinguishable from random noise, while others can be reversed with some effort. If the random number generator was seeded deterministically from the time, then it may be possible to figure out the seed used, which could recover the key.
  • Weak encryption algorithms. This ranges from a custom cipher that you would likely see in a CTF challenge to something like DES.
  • List of vulnerabilities in different ransomware families:
    1. Weak encryption algorithm: 7ev3n, XORist, Bart
    2. Mistakes in cryptography implementation: Petya
    3. Weak key generator: DMA Locker, CryptXXX
    4. Leaked keys: Chimera

BIOS and UEFI Hacking- 27

Alex Matrosov    Posted 6 Years Ago
  • BIOS and UEFI are options for the basic boot system on most computers. Controlling the boot sequence is quite a drastic step.
  • Although this is quite complex (I did not understand it when I read it), this is an amazing dive into the weeds of the boot sequence.

Turning your web traffic into a Super Computer- 26

Ben Akrin    Posted 6 Years Ago
  • The concept is fascinating! Turning all visitors of your website into a distributed computer.
  • Although this is not a new topic, the concept of using WebSockets in order to do this is a good idea.
  • What's a good benchmark for a super computer? Hash cracking of course!
  • Using multithreading and a set task to attempt to solve, we have a super computer :)

Stopping Olympic Destroyer: New Process Injection Insights- 25

End Game    Posted 6 Years Ago
  • This malware injects itself into Notepad++, making it look like a safe process to run :)
  • Other than that, it is a very typical piece of malware; code injection in order to avoid detection is really cool though!

MITRE ATT&CK Main Page- 24

MITRE    Posted 6 Years Ago
  • This is a huge list for all things attacking!
  • From defense evasion to persistence techniques... This is a very large list!
  • MITRE is a non-profit that is really focused on making the world a more secure place :)