Should I allow my penetration tester’s IP address range on my intrusion prevention system? Variations of this question have featured in numerous information security forums and mailing lists. Unfortunately, the factors and variables in play here are considerable so a worthy response is unlikely to be short or universal. This blog post aims to highlight […]
Different Ways of Transferring Files Into and Out of a Citrix Environment
During a recent engagement I was asked to perform a penetration test of a Citrix environment. One particular requirement of this test was to see whether I could transfer files back and forth between my local computer and the remote environment. The easiest way to transfer data was through their web proxy. Although it implemented […]
Information Security Tips
Some simple tips to improve the Information Security of your organisation. Stop using sticky notes as advertisements for your passwords. Do not leave your password where someone can easily read it. This is the same as not having a password at all, as anyone can read it and log in as you. Ensure that you […]
Splunk Web Shell
Now and then, while performing internal penetration tests, we come across Splunk default installs where system users can log in as “admin” and are granted the associated privileges without having to authenticate. Splunk is based on Django, and among the options it gives you when accessing the admin panel is one that is particularly attractive […]
What is Red Teaming?
Red Team exercises can be thought of as extended penetration tests designed to thoroughly assess an organisation’s security posture across multiple domains. Some security firms employ the term liberally, packaging it up and conflating it with conventional assessments; just maybe with a bit of social engineering thrown in. But ‘old wine, new bottle’ it is […]
PCI DSS: Which Self-Assessment Questionnaire?
For many small and medium size organisations it can be difficult to know where to start with PCI DSS. There is quite a lot of PCI DSS documentation to get your head around, and some of the terminology is difficult to understand initially. Furthermore, your bank (or acquirer) may be telling you to become […]
Grabbing Microsoft SQL Server Password Hashes
Once you get domain administrator during an internal penetration test, it is common practice to gather as much information as possible, including clear text credentials, password hashes, tokens and so on, in order to compromise the network further. One example of these is the Microsoft SQL (MS SQL) Server password hashes. Since version 2008 […]
Integrating Hydra with Nessus
Recently I spent a little time trying to integrate Hydra (THC-Hydra) into Nessus. I thought to share this so you might save a bit of time if you are trying to achieve the same thing. I have been told by the Nessus support team that if you have installed the latest version of Nessus, which […]
Information extracted from online documents
Hacking in the movies happens at breakneck speed. Someone needs access to some database or internal system hosting confidential data and the “genius coder” will fly their fingers across the keyboard before seconds later dropping the painfully trite and clichéd line “I’m in”. Hacking in real-life, whether performed during a sanctioned penetration test or genuine […]
Umbraco CMS Local File Inclusion
Umbraco CMS <= 7.2.1 is vulnerable to local file inclusion (LFI) in the ClientDependency package included in a default installation. Whether this vulnerability is exploitable depends on a number of configuration options, and on the exact version of Umbraco installed. The ClientDependency package, used by Umbraco, exposes the “DependencyHandler.axd” file in the root of the […]