Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

How to Make your Internet Faster with 1.1.1.1- 35

Mohit Kumar    Reference → Posted 6 Years Ago
  • DNS (domain name server) is a service that takes a domain name and turns it into an IP address.
  • This service being fast is crucial for the speed of your internet.
  • Cloudflare has 1.1.1.1, which is significantly faster than most DNS services.

No, Panera Bread Doesn’t Take Security Seriously- 34

Dylan Houlihan     Reference → Posted 6 Years Ago
  • This report is just the industry in a nutshell... Every company claims to take your security very seriously, but very few do.
  • In addition, reporting security vulnerabilities is really difficult! How do we report vulnerabilities in such a way that people take them seriously (seriously enough to fix them), do not think it is a scam, and are willing to publicly admit it?
  • In this case, Panera Bread had a serious information disclosure that they should have patched. How long do you sit on it, hoping that the company will fix it? Or do you just post your findings and move on?
  • Overall, you just hope that the company takes you seriously... Otherwise, you have to make the decision to go public or not. Going public before they fix the vulnerability allows attackers to exfiltrate the data. However, it also forces Panera Bread to fix the issue.

YOUR WEBSITE HAS ASSETS – YOU NEED SRI- 33

Lukas Vileikis    Reference → Posted 6 Years Ago
  • Loading external scripts from other websites is quite common. So, what if one of these scripts is compromised?
  • You are essentially screwed! So, this article suggests adding Subresource Integrity (SRI) checks that validate each script against a hash.
  • This can be done manually, in the code, or by using the Content Security Policy (CSP). Overall, a great measure for defense-in-depth!
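
To make the SRI idea concrete, here is an added example (my own code, not from the article) that computes the integrity token for a script, emits the tag, and mimics the browser-side check that blocks a tampered script. The script body and CDN URL are constructed samples.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for a third-party script body (not a real CDN asset).
SCRIPT_BODY = b"window.track = function (e) { /* constructed sample */ };\n"

SRI_ALGOS = ("sha256", "sha384", "sha512")  # the only digests SRI allows


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return the SRI token for `content`: '<algo>-<base64(raw digest)>'."""
    if algo not in SRI_ALGOS:
        raise ValueError(f"SRI does not accept {algo!r}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, content: bytes) -> str:
    """Emit the tag a site owner pastes into their HTML. `crossorigin` is
    needed for cross-origin scripts: without CORS the response is opaque,
    the browser cannot check the bytes, and the script is not executed."""
    return (f'<script src="{src}" integrity="{sri_hash(content)}" '
            'crossorigin="anonymous"></script>')


def verify_sri(fetched: bytes, integrity: str) -> bool:
    """Mimic the browser-side check: recompute the digest of the bytes that
    actually arrived and compare with the declared token. Any change to the
    script, however small, fails the check and the script does not run."""
    algo, sep, _ = integrity.partition("-")
    if not sep or algo not in SRI_ALGOS:
        return False
    return hmac.compare_digest(sri_hash(fetched, algo), integrity)


if __name__ == "__main__":
    tag = script_tag("https://cdn.example/track.js", SCRIPT_BODY)  # constructed URL
    print(tag)
    token = sri_hash(SCRIPT_BODY)
    print("intact  :", verify_sri(SCRIPT_BODY, token))
    print("tampered:", verify_sri(SCRIPT_BODY + b"//evil", token))
```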

Oracle Peoplesoft: XXE to RCE- 32

Ambionics    Reference → Posted 6 Years Ago
  • The GET/POST parameters were being translated into a SOAP request (sort of like REST, but with XML).
  • By exploiting this feature, it was possible to write your own XML to alter the request.
  • By using AXIS (whatever that is), it was possible to get an RCE just from writing the XML!

Bypassing Payments using Webhooks- 31

Jack Cable    Reference → Posted 6 Years Ago
  • The first point is really interesting! People on bug bounty programs tend to look for the same bugs. So, this guy recommends looking for functionality not usually visible to the user.
  • Normally, the payment flow runs between the payment provider and the server. However, this person stumbled upon the internal API docs for Stripe.
  • This API was not locked down because users did not usually visit it.
  • By using this API, it was possible to forge a payment request.
  • Payment-related webhooks are commonly used in subscription-based programs. So, this could be a jackpot!

Look-Alike Domains and Visual Confusion- 30

Krebs On Security    Reference → Posted 6 Years Ago
  • Character sets are an interesting thing! The path from ASCII to Unicode is a very odd history.
  • Krebs is talking about domains that use similar-looking characters.
  • Someone could buy "amazon.com" but with one letter replaced by a similar-looking Unicode character instead of the normal ASCII a.
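
As an added example (my own code, not from the Krebs article), here is a small checker that spots the two patterns described above: a label that mixes scripts (Latin plus Cyrillic) and any non-ASCII label at all, shown alongside the Punycode (xn--) form that actually gets resolved. The domains are constructed samples.

```python
import unicodedata

# Constructed samples: the genuine domain and a look-alike whose first 'a'
# is CYRILLIC SMALL LETTER A (U+0430), which renders almost identically.
GENUINE = "amazon.com"
LOOKALIKE = "\u0430mazon.com"


def letter_scripts(label: str) -> set:
    """Approximate the script of every letter in one DNS label from its
    Unicode name ('CYRILLIC SMALL LETTER A' -> 'CYRILLIC'). Digits and
    hyphens are legal in any label and are skipped."""
    scripts = set()
    for ch in label:
        if ch == "-" or ch.isdigit():
            continue
        scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def analyse_domain(domain: str) -> dict:
    """Flag mixed-script labels and non-ASCII labels. A label written entirely
    in Cyrillic has only one script, so the non_ascii flag is what catches
    whole-script look-alikes; mixed_script_labels catches single swapped
    letters like the one in LOOKALIKE."""
    labels = domain.lower().split(".")
    non_ascii = any(ord(c) > 0x7F for c in domain)
    mixed = [label for label in labels if len(letter_scripts(label)) > 1]
    try:
        # Python's built-in codec implements IDNA 2003; it is enough to show
        # the xn-- form a resolver sees instead of the pretty Unicode string.
        punycode = domain.encode("idna").decode("ascii")
    except UnicodeError:
        punycode = None  # label the codec refuses outright
    return {
        "punycode": punycode,
        "non_ascii": non_ascii,
        "mixed_script_labels": mixed,
        "suspicious": non_ascii or bool(mixed),
    }


if __name__ == "__main__":
    for d in (GENUINE, LOOKALIKE):
        print(repr(d), "->", analyse_domain(d))
```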

Gaining Domain Admin from Outside Active Directory- 29

markitzeroday.com    Reference → Posted 6 Years Ago
  • Just a story about an internal pentest. A super fun read! The highlights will be listed below:
  • Test the easy stuff! Even when you do not think it is going to work, it's a free pass :)
  • The cracked password was "Winter2018!". Remember to look at the password rules for a given company. This will give you an idea of what the password may be. In particular, if there is a quarterly password change, people may use the season + year as the password.
  • Use all avenues, even the stupid simple ones :)

How to Break Encryption 101- 28

Malware Bytes    Reference → Posted 6 Years Ago
  • In this article, the author picks a piece of malware and walks through breaking its encryption. First, we need to find a mistake. But what does a mistake look like? Anything from weak encryption algorithms to poor key generators or server-side vulnerabilities.
  • The first step is identifying where the encryption is being done. Note: there could be multiple encryption algorithms within a single binary.
  • A common issue is with random number generators. Some generators are indistinguishable from random noise, while others can be reversed with some effort. If the random number generator was seeded from the time, then it may be possible to figure out the seed used, which could recover the key.
  • Weak encryption algorithms. This ranges from a custom cipher that you would likely see in a CTF challenge to something like DES.
  • List of vulnerabilities in different ransomware families:
    1. Weak encryption algorithm: 7ev3n, XORist, Bart
    2. Mistakes in cryptography implementation: Petya
    3. Weak key generator: DMA Locker, CryptXXX
    4. Leaked keys: Chimera

BIOS and UEFI Hacking- 27

Alex Matrosov    Reference → Posted 6 Years Ago
  • BIOS and UEFI are the options for the basic boot system on most computers. Controlling the boot sequence is quite a drastic step.
  • Although this is quite complex (I did not understand it when I read it), this is an amazing dive into the weeds of the boot sequence.

Turning your web traffic into a Super Computer- 26

Ben Akrin    Reference → Posted 6 Years Ago
  • The concept is fascinating! Turning all visitors of your website into a distributed computer.
  • Although this is not a new topic, using WebSockets to do it is a good idea.
  • What's a good benchmark for a super computer? Hash cracking of course!
  • Using multithreading and a set task to solve, we have a super computer :)