Our Blog

Wadi Fuzzer

“Operating system facilities, such as the kernel and utility programs, are typically assumed to be reliable. In our recent experiments, we have been able to crash 25-33% of the utility programs on any version of UNIX that was tested.” [1] Those were the words of one of the first fuzzing studies, in which Prof. Barton Miller was the first to use the term ‘fuzzing’. They show why fuzzing remains one of the core techniques for testing software security: feeding malformed input to a program to provoke crashes and, in some cases, exploitable bugs.

Abusing File Converters

Every now and then you run into a new file format and find that you don’t have a tool to parse it. Or you are looking for an easy-to-use way for your mom to get at the photos you sent her in a .tar archive. This is where file conversion services come in: a quick Google for “online file converter” yields multiple results. One thing to keep in mind when converting files is that different file formats support different features.

Hi Jack!

No, this post is not about a Leon Schuster comedic skit from the early 90s (YouTube reference here: https://www.youtube.com/watch?v=JzoUBvdEk1k). To the point: once upon a time there was a tool called Jack, which attempted to make ClickJacking PoCs a tad sexier and made its way to the Black Hat EU 2015 Arsenal. Some time has passed since Jack was first released and it was time for Jack to get some attention, so a new version of Jack has been released and can be found here: https://github.com/sensepost/jack

[Another] Intercepting Proxy

But, Websockets! Last week I was stuck on a web-app assessment where everything was new-age HTML5, with AngularJS and websockets. Apart from the login sequence, all communication happened through websockets. Now, intercepting websockets can be done in Burp and you can modify the requests/responses as you wish. There were, however, multiple issues with this.

Polling – the webapp sent a ‘ping’ request and if this was held up (intercepted in Burp) the app would time out and I had to start from scratch. This timeout period was relatively aggressive, so by the time I finished modifying a request the app had timed out and my changes meant squat.

Intercept/Replace rules – ping messages were irritating and Burp had no way to not intercept these. It also wasn’t possible to configure replace rules, and according to this, it isn’t coming to Burp anytime soon: https://support.portswigger.net/customer/portal/questions/11577304-replace-text-in-websocket-operations

Replay/Intruder – there is no way to replay a websocket request in Burp. This also means no Intruder :(

At this junction, three options were available to me: use ZAP (which does have intercept rules but not replay/replace/intruder); use Internet Explorer and force the app into non-websocket mode; or write a custom proxy. So the choice was obvious: write a custom proxy.
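As an added illustration of what such a custom proxy has to get right (this is example code written for this page, not SensePost's proxy or any part of it), the block below parses and rebuilds RFC 6455 frames and applies exactly the three things missing from Burp above: keepalives are forwarded untouched so the app does not time out, text messages get regex replace rules, and every forwarded message is logged so it can be replayed or mutated. The JSON-style messages, the replace rule and the `"type":"ping"` keepalive pattern are constructed for the example; the socket plumbing on either side of `WsRules.process` is left out.

```python
import os
import re
import struct

# RFC 6455 opcodes (control frames are 0x8-0xF)
OP_TEXT, OP_BINARY, OP_CLOSE, OP_PING, OP_PONG = 0x1, 0x2, 0x8, 0x9, 0xA


def parse_frame(buf):
    """Parse one frame from the front of buf -> (fin, opcode, payload, consumed),
    or None when buf does not yet hold a complete frame (a proxy must buffer)."""
    if len(buf) < 2:
        return None
    fin, opcode = bool(buf[0] & 0x80), buf[0] & 0x0F
    masked, length = bool(buf[1] & 0x80), buf[1] & 0x7F
    pos = 2
    if length in (126, 127):                    # extended payload length
        fmt = "!H" if length == 126 else "!Q"
        if len(buf) < pos + struct.calcsize(fmt):
            return None
        (length,) = struct.unpack_from(fmt, buf, pos)
        pos += struct.calcsize(fmt)
    key = b""
    if masked:
        key = bytes(buf[pos:pos + 4])
        pos += 4
    if len(buf) < pos + length or (masked and len(key) < 4):
        return None
    payload = bytes(buf[pos:pos + length])
    if masked:                                  # unmask: XOR with the 4-byte key
        payload = bytes(c ^ key[i % 4] for i, c in enumerate(payload))
    return fin, opcode, payload, pos + length


def build_frame(opcode, payload, mask, fin=True):
    """Serialise a frame. Client-to-server frames must be masked and
    server-to-client frames must not be (RFC 6455 5.1), so a proxy that
    rewrites a payload has to re-mask according to direction."""
    mask_bit = 0x80 if mask else 0
    head = bytes([(0x80 if fin else 0) | opcode])
    n = len(payload)
    if n < 126:
        head += bytes([mask_bit | n])
    elif n < 1 << 16:
        head += bytes([mask_bit | 126]) + struct.pack("!H", n)
    else:
        head += bytes([mask_bit | 127]) + struct.pack("!Q", n)
    if not mask:
        return head + payload
    key = os.urandom(4)
    return head + key + bytes(c ^ key[i % 4] for i, c in enumerate(payload))


class WsRules:
    """What a custom intercepting proxy does with each frame: control frames
    and application-level keepalives are forwarded untouched so the app never
    times out, text messages get regex replace rules, and every forwarded
    text message is logged so it can be replayed or mutated later."""

    def __init__(self, replace_rules, keepalive_pattern=None):
        self.rules = [(re.compile(p), r) for p, r in replace_rules]
        self.keepalive = re.compile(keepalive_pattern) if keepalive_pattern else None
        self.history = []  # (from_client, text) pairs: a minimal replay log

    def process(self, raw, from_client):
        """Return (bytes_to_forward, bytes_consumed, modified) for the first
        frame in raw, or None if raw holds no complete frame yet."""
        parsed = parse_frame(raw)
        if parsed is None:
            return None
        fin, opcode, payload, consumed = parsed
        if opcode != OP_TEXT:                   # ping/pong/close/binary: verbatim
            return raw[:consumed], consumed, False
        text = payload.decode("utf-8")
        if self.keepalive and self.keepalive.search(text):
            return raw[:consumed], consumed, False   # app 'ping': never hold it up
        new = text
        for pattern, replacement in self.rules:
            new = pattern.sub(replacement, new)
        self.history.append((from_client, new))
        frame = build_frame(OP_TEXT, new.encode("utf-8"), mask=from_client, fin=fin)
        return frame, consumed, new != text

    def replay(self, index, mutate=None):
        """Rebuild an earlier message, optionally transformed: a poor man's
        Repeater/Intruder for websockets."""
        from_client, text = self.history[index]
        if mutate is not None:
            text = mutate(text)
        return build_frame(OP_TEXT, text.encode("utf-8"), mask=from_client)


def demo():
    """Constructed sample traffic, not captured from any real application."""
    rules = WsRules([(r'"role":"user"', '"role":"admin"')],
                    keepalive_pattern=r'"type":"ping"')
    msg = build_frame(OP_TEXT, b'{"type":"profile","user":"alice","role":"user"}', mask=True)
    out, _, changed = rules.process(msg, from_client=True)
    return changed, parse_frame(out)[2]
```

`demo()` returns `(True, b'{"type":"profile","user":"alice","role":"admin"}')`: the client's masked frame is unmasked, rewritten and re-masked before it would be forwarded, while a ping frame or a `{"type":"ping"}` keepalive goes through `process` byte-for-byte, which is what keeps the aggressive timeout from firing. Replace rules that change the payload length are handled because `build_frame` recomputes the length field rather than patching bytes in place.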

WiFi De-authentication Rifle:

Wireless: it’s everywhere these days, and yet owning it never gets boring. As part of our annual SensePost hackathon, where we get time off projects and spend a week tinkering with tech and ideas, the team I was in (Dominic, Nathi and myself) decided to build a wireless de-authentication rifle, built around a Yagi antenna and a Raspberry Pi. The idea was simple: reproduce some of the tools in the aircrack-ng wireless hacking suite in a single script, without using aircrack-ng itself.

Mobile Application Bootcamp – Journeyman Level – Black Hat Vegas 2015

Mobile Course, O RLY? The mobile app market, and app usage, grew 76% in 2014 [1], across shopping, utility, productivity and health apps. Flurry, the mobile app analytics firm responsible for the survey, tracked 2.079 trillion app sessions, with a daily record set on December 31st, when 8.5 billion sessions took place as people celebrated New Year’s Eve. We are placing more information online via mobile apps than ever before, but what does that mean in terms of security?

Running sslscan on 5k servers taken from Alexa’s top 10k

Transport layer security has had a rough ride recently, with a number of vulnerabilities being reported. At a time when trust is required between you and the site you are interacting with, it’s key that website owners configure their sites to be as secure as possible. With that in mind, I decided to analyse the HTTP security headers of the top 10k Alexa websites and look at which SSL ciphers those sites were offering.
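As an added example of the kind of check such a survey runs per host (this is code written for this page, not the scripts behind the post), the block below parses a raw HTTP response, grades its security headers, flags weak cipher-suite names and tallies findings across many hosts. The sample response, the 180-day HSTS threshold and the list of weak-cipher markers are this example's own assumptions, not values taken from the post or from sslscan.

```python
import re
from collections import Counter

HSTS_MIN_AGE = 180 * 24 * 3600   # example's own threshold, not a standard's
# Substrings of OpenSSL cipher-suite names this example treats as weak:
# no encryption, export grade, RC4, DES/3DES, MD5 MACs, anonymous (EC)DH.
WEAK_CIPHER_MARKERS = ("NULL", "EXP", "RC4", "DES", "MD5", "ADH", "AECDH")

# Constructed sample response; not captured from any real site.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.22\r\n"
    "X-Frame-Options: sameorigin\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)


def parse_response_headers(raw):
    """Split a raw HTTP response into (status line, {lower-cased name: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def hsts_max_age(value):
    """Extract max-age from an HSTS header value; 0 when absent (policy is useless)."""
    m = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.I)
    return int(m.group(1)) if m else 0


def audit_headers(headers):
    """Return the list of findings for one site's (lower-cased) response headers."""
    findings = []
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    elif hsts_max_age(hsts) < HSTS_MIN_AGE:
        findings.append("HSTS max-age below 180 days")
    if headers.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("missing or weak X-Frame-Options")
    if "content-security-policy" not in headers:
        findings.append("missing Content-Security-Policy")
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    if re.search(r"\d", headers.get("server", "")):
        findings.append("Server header leaks a version")
    return findings


def weak_ciphers(cipher_names):
    """Return the cipher-suite names matching any weak marker, preserving order."""
    return [c for c in cipher_names
            if any(m in c.upper() for m in WEAK_CIPHER_MARKERS)]


def tally(results):
    """Count how often each finding occurs across {host: findings}, the kind of
    summary a survey of thousands of hosts reports."""
    return Counter(f for findings in results.values() for f in findings)


def demo():
    """Run the audit over the constructed sample response."""
    status, headers = parse_response_headers(SAMPLE_RESPONSE)
    return status, audit_headers(headers)
```

On the sample, `demo()` reports a missing Content-Security-Policy, a missing `X-Content-Type-Options: nosniff` and a version-leaking Server header, while HSTS and X-Frame-Options pass; feeding `weak_ciphers` a list of accepted suites from a scanner picks out entries such as `RC4-SHA` or `EXP-DES-CBC-SHA`. Header names are compared case-insensitively because servers are free to vary their capitalisation, and a missing `max-age` is treated as 0 because an HSTS header without one is ignored by browsers.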

We need you to analyse the threats

Our Intelligence service team is growing and we are looking for a Threat Analyst to join us. Not only is the working environment pretty cool, the work you’ll be doing means you’ll be learning a lot and also working with some really smart people who are happy to share what they know. We also have great coffee. This role is perfect for that person who literally gets excited about the thought of unpacking an attack, figuring out how they achieved what they did and then taking that information and creating practical defence guides and advice for our clients. If this sounds like you, send me an e-mail.

Maltego Webinar Series: Episode 01, Introduction

Hello Internet, we’re going to be hosting monthly Maltego webinar sessions, and our first one is this Friday (24th April)! Being our first episode, we’re going to start with the basics of the basics. Our agenda is as follows: What is Maltego? Why Maltego? Where can I get it? How does the user interface work? What are these Maltego terms and buzzwords? What’s a transform and how can I run one? Bonus round! Sign up here if you’d like to join us.

Lovely Pwnies – Twitter Monitor

Recently there were revelations about a GCHQ initiative called ‘Lovely Horses’ to monitor certain hackers’ Twitter handles. The guys over at Paterva quickly whipped up a Maltego Machine to replicate this: Building your own LovelyHorse monitoring system with Maltego (even the free version) – it’s easy! We’ve wrapped some supporting transforms around that Machine to let you create and manage your own set of lovely horses (Twitter accounts), and dubbed it ‘Lovely Pwnies’. You can obtain the transforms and the original Machine via the new Maltego Transform Hub.