Vulnerability Assessment Guidelines
This document describes various approaches you can use as a reference to check whether services can be exploited. It does not cover everything and should be treated as a reference. There are various phases of hacking; I will focus on reconnaissance throughout the document. Note: Please perform …
Catching Security Vulnerabilities With Semgrep
Introduction to Semgrep
Semgrep is an open-source static analysis tool that helps catch security vulnerabilities, misconfigurations, and deviations from standard practice. It can be used to write rules that detect specific or generic issues, whether security-related or not. It supports more than 20 languages and is used by many top …
Content Security Policy – Demystified
Content security policies help web applications defend against cross-site scripting and clickjacking attacks. CSP is a defense-in-depth measure against client-side injection attacks, especially XSS. It is a policy that restricts which resources a page may load and where they may be loaded from. The policy is set through an HTTP response header or a meta tag, which the …
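The following is an added example, not code from the original post: a small evaluator that applies a Content-Security-Policy header value the way a browser applies it to URL-based resource loads, so that the effect of a weak policy and a tightened one can be compared on constructed inputs. The policies, the page origin and the resource URLs are all constructed for the example. It assumes a simplified source-expression grammar: only 'none', 'self', '*', scheme sources such as "https:" and exact-origin host sources such as "https://cdn.example.test" are handled; nonces, hashes, wildcard hosts and path matching are left out.

```javascript
// Added example (not from the original post). Evaluates a CSP header value
// against URL-based resource loads. Simplified source grammar, see lead-in.

// Fetch directives that fall back to default-src when absent. Directives such
// as frame-ancestors, base-uri and form-action deliberately do not fall back.
const FALLS_BACK_TO_DEFAULT = new Set([
  "script-src", "style-src", "img-src", "connect-src", "font-src",
  "media-src", "object-src", "frame-src", "child-src", "worker-src",
  "manifest-src",
]);

// Parse "default-src 'self'; script-src 'self' https://cdn.example.test"
// into a Map of directive name -> list of source expressions. Browsers ignore
// a repeated directive, so the first occurrence wins here as well.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    const key = name.toLowerCase();
    if (!policy.has(key)) policy.set(key, sources);
  }
  return policy;
}

// Source list governing a directive, honouring the default-src fallback.
// Returns null when no directive applies, which means the load is allowed.
function sourcesFor(policy, directive) {
  if (policy.has(directive)) return policy.get(directive);
  if (FALLS_BACK_TO_DEFAULT.has(directive) && policy.has("default-src")) {
    return policy.get("default-src");
  }
  return null;
}

// Does a single source expression match the resource URL?
function sourceMatches(src, resourceUrl, pageOrigin) {
  if (src === "'none'") return false;
  if (src === "'self'") return resourceUrl.origin === pageOrigin;
  if (src === "*") return true;
  // Scheme source such as "https:"
  if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) {
    return resourceUrl.protocol === src.toLowerCase();
  }
  // Host source, compared as an origin (assumption: written as scheme://host[:port])
  try {
    return new URL(src).origin === resourceUrl.origin;
  } catch (e) {
    return false; // malformed or unsupported source expression never matches
  }
}

// Would the page at pageOrigin be allowed to load `resource` under `directive`?
function allows(policy, directive, resource, pageOrigin) {
  const sources = sourcesFor(policy, directive);
  if (sources === null) return true;
  const url = new URL(resource, pageOrigin); // relative URLs resolve against the page
  return sources.some((src) => sourceMatches(src, url, pageOrigin));
}

// Constructed policies: the weak one lets scripts load from any host, the
// strict one pins scripts to the page and one CDN and disables plugins.
const WEAK_CSP = "default-src *";
const STRICT_CSP =
  "default-src 'self'; script-src 'self' https://cdn.example.test; object-src 'none'";
const PAGE = "https://app.example.test";
```

Running `allows(parseCsp(STRICT_CSP), "img-src", "https://evil.test/p.png", PAGE)` returns false even though the policy has no img-src directive, because img-src falls back to default-src; `frame-ancestors` does not fall back, so an absent frame-ancestors directive leaves framing unrestricted. That fallback rule is why a policy that only sets script-src still needs an explicit default-src.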
My experience with recent Docker Forensics and importance of logging
Background
On 13th May I got a message on Signal from the co-founder of 'xyz'. Apparently, the database had been dropped by a hacker. He said the database had been restored and asked me to do a forensic investigation on the compromised host the following day. He told me the name of the mobile application, to …
How I chained two vulnerabilities to steal credit card details?
This is a report I created for one of the engagements I performed recently. The goal of the engagement was to find out whether there was a way to steal credit card details using client-side vulnerabilities. Everything that follows is the report in full. Scope of work
I was engaged to perform …
Linux memory forensics – part 1
Memory forensics is a critical skill for understanding the state of a compromised system. It gives deep insight into the attack paths adversaries might have taken. In this post I will document ways to acquire memory from a Linux system. In the subsequent posts we will …
Nmap – Part II
In the last blog post I talked about what nmap is, how the different types of host discovery and port scanning work, and how to save nmap results in different output formats. In this post I will write about how we can use nmap to perform service enumeration and how service enumeration works under the hood. …
Nmap – Part 1
Nmap is a network utility used to enumerate hosts on a network, perform reconnaissance and information gathering, detect vulnerabilities, run exploits and much more. I consider it the Swiss army knife of a network penetration tester. Information gathering is the key to a vulnerability assessment and penetration testing engagement. The more …
One hell of an IP address(Part 2)
It's been a long time since I published my last blog post for this series. With some genuine feedback from people I have tried my best to improve the content. The last blog post was just a gentle introduction to IP addresses from a non-technical perspective. In this blog post, we will go …
Intigriti 10k followers XSS challenge
Last week Intigriti posted an XSS challenge on Twitter. I decided to give it a look. Today, in this article, I am going to explain how I solved this challenge. Here is the code: <script> const whitelist = ['intigriti.com','intigriti.io']; var url = new URL(location.hash.substr(1)); if(whitelist.indexOf(url.hostname) > -1){ document.write("Redirecting you to " + encodeURIComponent(url.href) …
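What the challenge's whitelist check actually accepts is easier to see outside the browser. The following is an added example, not code from the original post or from the challenge itself, and it is not the challenge solution: it lifts the hostname check out of the page so it can be exercised with Node's WHATWG URL parser (the same parser behind the browser's `new URL()`). `checkCandidate` and its inputs are constructed for the example; `candidate` stands in for `location.hash.substr(1)`, everything after the `#`.

```javascript
// Added example (not from the original post or the challenge). Reproduces
// the challenge's hostname whitelist check so it can be probed with inputs.
const whitelist = ["intigriti.com", "intigriti.io"];

// `candidate` plays the role of location.hash.substr(1).
function checkCandidate(candidate) {
  let url;
  try {
    url = new URL(candidate); // as in the challenge: absolute URL, no base
  } catch (e) {
    // e.g. "intigriti.com" without a scheme is not a valid absolute URL
    return { allowed: false, reason: "not an absolute URL" };
  }
  // Exact match on the parsed hostname; the parser has already lower-cased it
  // and stripped any userinfo, port, path, query and fragment from it.
  const allowed = whitelist.indexOf(url.hostname) > -1;
  return {
    allowed,
    hostname: url.hostname,
    href: url.href,
    // What the challenge passes to document.write on success.
    written: "Redirecting you to " + encodeURIComponent(url.href),
  };
}

// Constructed inputs covering the cases the check decides on.
const SAMPLES = [
  "https://intigriti.com/",                       // plain whitelisted host
  "https://INTIGRITI.COM/",                       // host is case-folded by the parser
  "https://intigriti.com.attacker.test/",         // suffix trick: different hostname
  "https://intigriti.com@attacker.test/",         // userinfo trick: hostname is attacker.test
  "https://attacker.test/?u=intigriti.com",       // whitelisted string only in the query
  "https://user:pw@intigriti.io/path?q=1#frag",   // credentials, path, query, fragment pass through href
  "javascript:alert(1)",                          // parses, but hostname is empty
  "intigriti.com",                                // no scheme: new URL() throws
];

function summarize() {
  return SAMPLES.map((s) => [s, checkCandidate(s).allowed]);
}
```

Note that the check constrains only `url.hostname`; the userinfo, port, path, query and fragment of `url.href` are untouched by it, which is what the `written` field of the result shows for the `intigriti.io` sample.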