Page 2 of 3

Shellcode wrapper for Linux

This post is about how to create Linux binary executable shellcodes using msfpayload.

Continue reading

Installing Dradis on Backtrack

This post is more of a note for myself then an interesting technical stuff but it might be useful for somebody else as well.

You might already know the Dradis Framework if not check it out here. It is basically a note taking web application which focuses on penetration tests and other security assessments. It allows testing teams to quickly share the collected information about the tested environment with each other.
Continue reading

Please, don’t use user supplied XSLT

I didn’t even want to write about this, because hopefully it is not a wide spread problem but it is such a catastrophic programming mistake which I saw in a production system that I felt the need to talk about it. So to summarize this blog post in one sentence: total client-side exploit using user defined XSLT.

Continue reading

Book review: Advanced Penetration Testing for Highly-Secured Environments

I recently obtained the Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide book, so I figured I write a little summary about it as I did with the other security books that I read.

Continue reading

Experiences in pentesting DWR

I was lucky enough to do a penetration test on applications using Direct Web Remoting (DWR), and I would like to share my experiences. It is another interesting technology in the wild jungle of the web frameworks and libraries. It defines itself as follows:
“DWR is a Java library that enables Java on the server and JavaScript in a browser to interact and call each other as simply as possible.”
Continue reading

Book review: Securing the Cloud

The cloud is everywhere. It is all over us. But everybody knows that. I have been interested in could security for quite a while, so I decided to read a book to see how it is defined from A to Z today. After reading some reviews I chose the Securing The Cloud; Cloud computer security techniques and tactics written by Vic (J.R.) Winkler.
Continue reading

Tricking the XML parser

Nowadays there are numerous web application frameworks to implement a rich web application. I have already written about one of them. These frameworks usually use AJAX and XmlHttpRequests filled with either XML or JSON. In this post I will write about the XML part. In that case the first step is always to fight with the XML parser on the server-side.
Continue reading

Welcome to the Jungle

This post will describe the general problem in having embedded devices in your network. Mitigation techniques and work-arounds will be shown how to reduce the risk introduced by them.

But to make it more interesting listen to this while reading.

So it all started with a network pen test which was like hiking in a rainforest and seeing all those weird animals and human-eating flowers that live there. All these creatures in the network were different very exotic embedded devices. They were really interesting as well as very much vulnerable.
Continue reading

Revenge of XHTML

My colleague brought my attention to a really interesting ‘feature’ of browsers. Namely that XHTML namespaces in an XML document will be rendered as XHTML instead of XML. That means that if you can some way control an XML that will be rendered by the target’s browser, then you can insert HTML and of course JavaScript code. So this feature widens an XML injection to an endless attack vector.
Continue reading

Listen to your Echo

In the ocean of web application development frameworks there are a quite a few which tries to create rich web application in the same way as traditional desktop-based applications. One of them is the open-source Echo Web Framework from NextApp. It is a Java based system which is kind of practical because everybody has at least one Java developer friend. The Echo applications can be deployed in most of the Java web containers. But the most important difference is that instead of creating for instance a .jsp file to create a view the developer write only things like window.add(button);. That means that for the developer should not care about the fact that his application will be accessed with a web browser. In some way it is really cool that you can just say the words and everything happens automagically but for me it is always a bit weird when I don’t have control over something, but that’s just my taste. And the magic in this case is done by JavaScript. Before going into details I must say that I don’t have full understanding of the Echo Framework and how one should use it properly, I understood it only to be able to do a pentest and to attack it properly. In this post I write about the Echo2 framework and my experiences from the penetration tester’s point of view.
Continue reading

« Older posts Newer posts »

© 2017 Æther Security Lab

Theme by Anders NorenUp ↑