SECURITY BLOG
Bypassing insufficient blacklisting

Operating system (OS) command injection is a variant of code injection, a class of attacks considered a major security threat and in fact ranked No. 1 on the 2013 OWASP top ten web security risks [1]. The main objective of this article is to examine the detection and exploitation capabilities of Commix against blacklisting techniques. The general idea behind blacklisting is to check for malicious patterns before allowing the execution of user input.

IBM WebSphere Java Deserialization (RCE) - Metasploit Module

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.

Undetectable Metasploit WAR

A possible attack path during a penetration test is gaining access to the administrative console of a Java application server (such as WAS, JBoss or Tomcat) installed on a Windows server with default or guessable (e.g. via brute force) administrative credentials.

Fast Forward Brute-Forcing Apache Tomcat 6/7/8

Just a way around the Apache Tomcat "brute-forcing" delay mechanism...

Client Side Penetration Testing - T&T Part 2

This is the second of two blog articles demonstrating tips and techniques (T&T) for client-side penetration tests. The previous article covered how to deliver spoofed emails without being blocked. This article covers how to embed an executable file within attachment files without being detected by mail filters and anti-virus.

Client Side Penetration Testing – T&T Part 1

This is the first of two blog articles demonstrating useful tips and techniques (T&T) for client-side penetration tests. This article covers how to deliver spoofed emails and how to defend against email spoofing. The next article will cover how to embed an executable file in attachment files without being detected by mail filters and anti-virus.

Multiple vulnerabilities identified on Aircrack-ng

About a month ago I identified four vulnerabilities in the Aircrack-ng suite. A brief but technical description may be found below. Furthermore, references to the proof-of-concept exploit code and the OSI advisory may be found at the end of this article.

Integrating People Process and Technology

Being in and remaining in a “secure state” requires a continuous process of awareness, preparedness and readiness. It is a highly demanding, cross-domain activity that covers nearly all aspects of an organization and involves resources with different skills and levels of expertise.

Using UDF in Penetration Testing Part 2

This is the second part of the series on User Defined Function (UDF) usage in penetration testing. In this post we illustrate how to get a reverse shell from a Windows machine with MySQL installed.
