Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Public Key Security Vulnerability and Mitigation - 815

Tom Preston-Werner - GitHub. Posted 3 Years Ago
  • In 2012, an attack was launched on GitHub. In this attack, a public key was added to the Rails organization. As a result, the attacker was able to access data and files in this organization. How did this happen?
  • The root cause comes down to a Mass Assignment vulnerability. This occurs when a request's incoming parameters are not checked before they are used to update an object. In this case, the API call was a public key update form, and the attacker likely used the Mass Assignment bug to change the account the key was attached to.
  • Amazingly, the attack occurred at 8:49am but was fixed at 9:53am; this is a 4-minute turnaround, and I have NO idea how they discovered and fixed the problem this quickly. Of course, the keys were removed immediately. Plus 1 for good threat detection and log management.
  • From there, they did a complete audit of the code base for more mass assignment vulnerabilities but do not say if more were discovered. They later discovered that the attacker compromised three accounts (two were tests and one was Rails). This meant that the attack was found quite quickly, which is awesome.
  • Mass assignment vulnerabilities are probably more common than you would expect, especially in languages such as Ruby, Java and C#. They are hard to find without source code access, but the output of other requests can leak information about the internal state. Interesting bug!
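
An added example, not taken from the original post or from GitHub's code: a plain-Ruby model showing the mass assignment flaw described above, with the unchecked update beside an allowlisted one. The `PublicKey` class, its `user_id` ownership field, the permitted field list and the request body are assumptions constructed for illustration.

```ruby
# Added example: minimal stand-in for an ORM model (not Rails, not GitHub's code).
class PublicKey
  attr_accessor :id, :user_id, :title, :key

  # Fields a client may legitimately set through the update form (assumed).
  PERMITTED = %w[title key].freeze

  def initialize(attrs = {})
    attrs.each { |name, value| public_send("#{name}=", value) }
  end

  # Vulnerable: every request parameter with a matching setter is written,
  # including the ownership column user_id.
  def update_unsafe(params)
    params.each do |name, value|
      setter = "#{name}="
      public_send(setter, value) if respond_to?(setter)
    end
    self
  end

  # Hardened: copy only allowlisted fields and return what was dropped so
  # the attempt can be logged.
  def update_safe(params)
    rejected = params.keys.map(&:to_s) - PERMITTED
    params.each do |name, value|
      public_send("#{name}=", value) if PERMITTED.include?(name.to_s)
    end
    rejected
  end
end

# Constructed request body: a normal title change plus a smuggled owner id.
REQUEST_PARAMS = { "title" => "laptop", "user_id" => 1 }.freeze

def demo
  unsafe = PublicKey.new(id: 10, user_id: 42, title: "old", key: "ssh-rsa PLACEHOLDER")
  unsafe.update_unsafe(REQUEST_PARAMS)

  safe = PublicKey.new(id: 10, user_id: 42, title: "old", key: "ssh-rsa PLACEHOLDER")
  rejected = safe.update_safe(REQUEST_PARAMS)

  { unsafe_owner: unsafe.user_id, safe_owner: safe.user_id,
    safe_title: safe.title, rejected: rejected }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

The list returned by `update_safe` is the useful signal for detection: a form that never sends `user_id` should never produce a rejected `user_id`, so any occurrence is worth logging.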