Hello guys !! Hope all good at your side of the screen. Today we will discuss about the topic which everybody is talking about. I
Hello guys !! Hope all good at your side of the screen. Today we will discuss about the topic which everybody is talking about. I am sure we all have a same answer if someone asks how we will if our all tasks will get automated and we can sit back and relax. A big Yes, right ? But yeah, we need lots of effort and money to complete that part. Application security automation is no different from this. Appsec automation has gathered all the limelight and has a tremendous exposure since past a year or so.
What is Appsec Automation
In today’s fast-paced digital landscape, the importance of robust application security (AppSec) cannot be overstated. With cyber threats growing in sophistication and frequency, organizations must prioritise the protection of their applications and data. Enter AppSec automation – a game-changing approach to security that promises to streamline processes, enhance efficiency, and bolster defenses against evolving threats.
Amazon Web Services (AWS) is a leading cloud computing platform that provides organizations. It has a wide range of services to build and deploy applications, store data, and manage infrastructure. One of the core services offered by AWS is Amazon Simple Storage Service (S3), a scalable object storage solution designed to store and retrieve data securely. However, misconfigurations or oversights can lead to the exposure of sensitive data stored in S3 buckets, posing significant risks to organizations. In this blog post, we’ll delve into what AWS and S3 buckets are, why they’re important, and how to identify open S3 buckets belonging to external organizations using practical commands.
Understanding AWS and S3 Buckets:
Amazon Web Services (AWS) is a comprehensive cloud computing platform that offers a broad range of services, including compute power, storage, databases, and more. AWS enables organizations to leverage cloud infrastructure to scale their operations, reduce costs, and innovate at a rapid pace.Read more
As we stride into the future, the digital landscape continues to evolve, presenting new challenges and opportunities in the realm of cybersecurity. With cyber threats growing in complexity and sophistication, it’s crucial for organizations to stay abreast of the latest trends to safeguard their assets effectively. In this article, we’ll delve into the top security trends anticipated to shape the cybersecurity landscape in 2024, empowering organizations to fortify their defenses and stay ahead of emerging threats.Read more
It has been a while since I posted anything here, but then life had another plans for me in past three years. Anyways cutting short the crap, today I will discuss about hashes. To be more precise, CONTEXT TRIGGERED PIECEWISE HASHES (CTPH).
This term came into my mind when I was going through the Pyramid of Pain, which happens to be a simple diagram that shows the relationship between the types of indicators you might use to detect an adversary’s activities and how much pain it will cause them when you are able to deny those indicators to them. We can discuss Pyramid of pain some other day. Lets’s talk about hashes first.
We have all used cryptographic hashes to determine the integrity of the files, vastly used during any data forensics investigation. So if a single bit is changed in the input, it will change tha hashed output value drastically. But with the advancement of attacks, it is highly possible to change a bit of an malware to fail in the cryptographic match by a forensic profession even with keeping the functionality of an malware intact. Read more
We have learnt the basic exploitation of Sql Injection with the help of Sqlmap in our previous posts. But there is always a step further. In this post we will see most advanced exploitation with Sqlmap.
Once again 3 cheers to Kunal for helping me out for this post.
In our first post of Sqlmap, we have explained few basic options of Sqlmap. We will see some more.
Advanced Exploitation with Sqlmap
Whenever I meet people and talk about any vulnerability, my first and final ask remains the same what is most extreme thing we can do by exploiting that vulnerability. In the case of SQL Injection most of my peers don’t discuss beyond downloading or altering the database. Although we can go beyond it and take the control of the application completely with the help of shell. we can run the os-commands, upload a file, read an existing file and what not.
In previous post we have seen the basic tutorial of Sqlmap and the exploitation.
The exploitation was about the GET request or where the vulnerable parameter is passing in the URL. There is another aspect of Sql Injection where it happens in form based submissions. In more technical terms a POST request where the certain parameters are being sent to server. In this post we will exploit form based SQL Injection with Sqlmap.
This post could have been delayed without the help of Kunal Pachauri, so just a shoutout for him before I start this post.
As I discussed in my previous post that we can exploit Union Based SQL Injection with the help of manual SQL queries. now we will do the same exercise with a Python based tool SQLMAP.
Note:- This tutorial is being carried out on demo test site provided by ACUNETIX, You can also try on the same website.
Sqlmap is arguably the most popular and powerful sql injection automation tool available and it is completely open-source. All it needs is the vulnerable URL in case of get request or a text file in case we want to perform it on a post request.
Sqlmap can exploit the application’s database and do a lot of hacking like extracting database names, tables, columns, all the data in the tables etc. It can even read and write files on the remote file system under certain conditions.
Sqlmap is arguably the most popular tool for exploitation of sql injection vulnerability and database takeover. It is completely automated and customization depending upon the server or database configurations. This tool provides wide ranges of flags which can be used to trigger an attack in an effective manner. It is completely open-source in terms of license. Its written in python. Now as I am going to discuss more and more about sqlmap it’s usage and tutorials in my forthcoming blogs so we need to know how to install and start sqlmap for further uses.
If you use Kali, Backtrack or any such VM then it comes as a package.
This post is a brief guide to setup and run sqlmap on windows. I am installing on Windows 10 machines but it works fine on any windows flavor, we just need python to support it.
What is OS Command Injection
OS Command Injection is a vulnerability which describes improper neutralization of special elements. It can result in modification of the intended OS command that is sent to a downstream component.
So, OS command injection weaknesses can expose an environment to an attacker even if he does not have direct access to the operating system. Also, if the application is running with higher privilege, it may allow an attacker to specify commands that may not be available otherwise.
Running OS commands is very useful functionality but it can equally trigger a vulnerability if not used correctly.
Types of OS Command Injection
There are two sub-types of command Injection.
- An application executes a fixed program that is under its control and accepts external input as arguments to that program. e.g. the application may run system(“nslookup [HOSTNAME]”) to run nslookup and allow the user to supply a HOSTNAME, which is actually an argument.
Interestingly, if the program does not remove separators from the externally supplied HOSTNAME argument, the attacker could place separators inside the argument and execute his own command.
- The application uses input to select which program to run and what commands to use. The application sanitizes the input and then simply redirects the entire command to the operating system.
Hello folks ! I know it has been a long while since I wrote on this weblog. But the start of this year was much enthusiastic in terms of newly discovered vulnerabilities. Yes I am talking about Spectre and Meltdown
So today we will discuss about Meltdown.
What the heck it is !
Spectre and Meltdown are the different variants of the same fundamental underlying vulnerability that affects nearly every computer chip manufactured in the last 20 years. If exploited, it allows attackers to get access to data previously considered completely protected. These vulnerabilities involve a malicious program gaining access to unauthorized data, and by exploiting two important techniques used to speed up computer chips, called speculative execution and caching.
When I first heard about this vulnerability the first thing came into my mind was how it is possible to have unprivileged access as we already have “Page Tables” in place. But as it still happened. lets see how.
So when a software running on a Core requires memory it starts a so called “load” command. The load command is then processed in multiple stages until the data is found and returned or an error occurred. Below is the simple representation of the memory subsystem.