Searching for Command Injection
December 31, 2018Manual Static Code Analysis Methodologies It’s not uncommon for pentesters to gain access to application source code; either via white-card… Continue Reading
A Software Security Blog
A Software Security Blog
Manual Static Code Analysis Methodologies It’s not uncommon for pentesters to gain access to application source code; either via white-card… Continue Reading
Early, often, & coupled with training Each system development effort has a unique set of challenges that can instigate deviation… Continue Reading
A Black Hat 2015 presentation by James Forshaw began to mainstream a Windows privesc technique that abused SeAssignPrimaryToken/SeImpersonate permissions; https://www.youtube.com/watch?v=QRpfvmMbDMg.… Continue Reading
Windows Management Instrumentation (WMI) is a suite of tools that automate administrative tasks. Windows users natively interact with WMI via… Continue Reading
The COM (Component Object Model) provide an interface for object to interact with objects in other processes. Calls to COM… Continue Reading
Credit to Tim Medin for his DerbyCon presentation on this technique. The Kerberoasting technique provides an attacker with a means… Continue Reading
Cross Site Scripting (XSS) will allow an attacker’s malformed parameter to manipulate the anticipated functionality of the web application. This… Continue Reading
A CSRF vulnerability allows an attacker to social engineer authenticated users into submitting HTTP requests. The server receives the covertly… Continue Reading
The effectiveness of a cryptographically-secure pseudorandom number generator is heavily reliant upon the seed. This initial “seed” value must be… Continue Reading
A SQL injection (SQLi) occurs when an unfiltered user parameter is rendered as executable logic by a database management system… Continue Reading
A DLL hijack is potentially achievable when a directory within the “standard search order” is writeable by a malicious actor.… Continue Reading
The “standard search order” is a list of directories that an operating system iterates through to locate supporting files. An… Continue Reading