Web App

External/Internal, How-To, Informational, Password Spray, Red Team, Red Team Tools, Web App Bypass IP Filtering, Darin Roberts, Foxy Proxy, IP Rotation, password spray, ProxyCannon, ProxyMesh

How To Rotate Your Source IP Address

Darin Roberts// IP-Go-Round – Source IP Rotation I was on an engagement recently that was blocking my password sprays based on my IP address.  If I made 3 incorrect requests […]

Read the entire post here

Informational, Web App CORS, Cross Origin Request Sharing, Web App

CORS Lite

Dakota Nelson// Cross Origin Request Sharing (CORS) is complicated, and that complexity creates a lot of places where security vulnerabilities can sneak in. This article will give you a “lite” […]

Read the entire post here

Author, Brian King, Web App, Webcasts Web App, Web App Assessment, Web Apps, webcast, webcasts

WEBCAST: Web App Assessments for Non-Majors

BB King // BB King looks at testing modern web apps in that “enterprise environment” so many of us inhabit. Taking the perspective of the Lonely Application Security Person in […]

Read the entire post here

Author, Brian King, Informational, News, Web App audit, authentication, government, legal, ohio, potheads, webapp, webapp test

When Infosec and Weed Collide: Handling Administrative Actions Safely

BB King//* The state of Ohio recently validated a webapp pentest finding that sometimes goes overlooked. It relates to the details of administrative functions, how they can be abused, and […]

Read the entire post here

Author, External/Internal, How-To, Jordan Drysdale, Web App Digital Ocean, Jordan Drysdale, Nessus, Vulnerability Scanning

How to Scan Millions of IPv4 Addresses for Vulnerabilities

Jordan Drysdale// Some days are not like others. Some days, you might get tasked with scanning a million IP addresses. Here’s how I did it: Let’s go through some finer […]

Read the entire post here

External/Internal, Red Team, Web App Apache Struts, Unauthenticated Remote Code Execution

Strutting your stuff – Unauthenticated Remote Code Execution

Carrie Roberts // Unauthenticated Remote Code Execution? A hacker’s best friend. And that is what we have with CVE-2017-5638 Apache Struts with working exploit code here: https://github.com/rapid7/metasploit-framework/issues/8064 Save the exploit […]

Read the entire post here

Red Team, Web App All the Shellz, hacking, metasploit, msfvenom, netcat, OS Command Injection, pen-testing, Python, Real Life Hacking, Waiting

OS Command Injection; The Pain, The Gain

Carrie Roberts // OS Command Injection is fun. I recently found this vulnerability on a web application I was testing (thanks to Burp Suite scanner). I was excited because I […]

Read the entire post here

Author, Brian King, Red Team, Web App cross site tracing, http trace, OWASP, trace request, WAF bypass

Three Minutes with the HTTP TRACE Method

Brian King // All of our scanning tools tell us that we should disable the HTTP TRACE and TRACK methods. And we all think that’s because there’s something an attacker […]

Read the entire post here

David Fletcher, Red Team, Web App Cross-Site Request Forgery, CSRF, CSRF-Token, Recursive Grep, Testing Protected Pages, XSRF

Using Recursive Grep to Test Per-Request CSRF-Token Protected Pages

David Fletcher // Cross-Site Request Forgery (CSRF or XSRF) is an attack which is used to execute a transaction on behalf of a victim user against a vulnerable web application. […]

Read the entire post here