Articles

We’ve previously posted about manually finding and exploiting SQL injection vulnerabilities. However one of the reasons SQL Injection is such a high risk vulnerability overall if due to the fact that exploitation can often be entirely automated. One tool for exploiting this vulnerability is sqlmap. From the point of view of security testers, ...

Command Injection vulnerabilities are a class of application security issue where an attacker can cause the application to execute an underlying operating system command. Command Injection vulnerabilities occur where user supplied input is insecurely included within an operating system command, allowing a threat actor to execute additional commands or alter the syntax ...

We’ve previously written about many different techniques for Finding and Exploiting SQL Injection vulnerabilities. However, there are often restrictions and interim technologies such as Web Application Firewalls that can prevent certain payloads from being used. In some instances filters can be bypassed through common encoding mechanisms, however often these will be ...

Path Traversal, also known as Directory Traversal, is a vulnerability where a user can alter a path used by an application. For file retrieval functionality this can allow a threat actor to access files that are not intentionally disclosed. For file upload functionality this can allow for website defacement, code execution and ...

Weak passwords are those which are predictable and can be easily guessed. To ensure that users do not select weak passwords organisations may look to enforce password complexity. Complexity refers to the requirement to use a mixed character set. For example, on Active Directory accounts complexity requires three of the ...

Certification Authority Authorization (CAA) is a used to specify which Certificate Authorities may issue certificates for the domain. Whilst lack of CAA does not constitute a vulnerability itself, it may be used to harden the transport layer security of an application by reducing the risk of certificates being mis-issued. Additionally, ...

Major outages in major public cloud providers such as Azure and AWS are rare, but they do happen. Today OVH had a major incident: “OVH datacenter burns down knocking major sites offline” and they’re not the only ones to experience these issues, for example Amazon had a major outage in November and Microsoft had ...

Out-of-band exploitation refers to exploits where the extracted information is received over a connection other than the one the payload was delivered over. It can be used to bypass defensive technologies as well as complicating the detection and response capability. SQL Injection can be exploited out-of-band through protocols such as ...

In a previous article we discussed how bruteforcing Windows accounts is often easier than people expect. In this post – we’ll cover some steps to harden these accounts. The Observation Window When configuring an account lockout threshold on a Domain another setting is suggested, the observation window. This setting effectively reduces the ...