As we approach the end of the year, it is interesting to analyze the vulnerability data to get an idea of which security issues were most commonly reported during the year. Note that NVD records disclosed vulnerabilities, not confirmed exploitation, so the counts describe what was found and published rather than what attackers actually used. Understanding this data can help us focus hardening effort on the issue classes that are both common and critical.
Note: The products mentioned in this article are not necessarily insecure; rather, they are large, complex projects that are widely used and frequently targeted by attackers. It is important to be aware of security vulnerabilities in products, but the products that report the most vulnerabilities are often those under the most scrutiny, and they end up being among the most secure.
All of the data in this article is from NVD. To analyze the data, I downloaded the JSON feed, parsed it into a SQL database using Python, then used SQL queries to pull the required data. …
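As an added example (not the article's own script), here is the parse-then-query approach in Python: a constructed feed fragment in the layout of the NVD JSON 1.1 files is loaded into an in-memory SQLite database, and the questions the article asks (most common CWEs, severity mix, most affected products) become plain SQL. The feed contents, IDs and product names are invented, and the file name used in `build_db_from_file` is assumed.

```python
import json
import sqlite3


def _item(cve_id, cwe, vendor, product, published, cvss=None):
    """Build one CVE_Items entry in the NVD JSON 1.1 layout (constructed data,
    assumption: the key names match the real nvdcve-1.1-<year>.json files)."""
    item = {
        "cve": {
            "CVE_data_meta": {"ID": cve_id},
            "problemtype": {"problemtype_data": [{"description": [{"value": cwe}]}]},
            "affects": {"vendor": {"vendor_data": [{"vendor_name": vendor,
                        "product": {"product_data": [{"product_name": product}]}}]}},
        },
        "impact": {},
        "publishedDate": published,
    }
    if cvss:
        score, severity = cvss
        item["impact"] = {"baseMetricV3": {"cvssV3": {"baseScore": score, "baseSeverity": severity}}}
    return item


# Constructed sample feed; every ID, vendor, product and score is invented.
SAMPLE_FEED = {"CVE_Items": [
    _item("CVE-0000-0001", "CWE-79", "examplevendor", "webapp", "2020-01-15T10:15Z", (6.1, "MEDIUM")),
    _item("CVE-0000-0002", "CWE-79", "examplevendor", "webapp", "2020-03-02T14:15Z", (8.8, "HIGH")),
    _item("CVE-0000-0003", "CWE-787", "otherco", "parser", "2020-06-20T18:15Z", (9.8, "CRITICAL")),
    # An entry still awaiting NVD analysis: placeholder CWE and no CVSS block at all.
    _item("CVE-0000-0004", "NVD-CWE-noinfo", "otherco", "parser", "2020-11-11T20:15Z"),
]}

SCHEMA = """
CREATE TABLE cve (id TEXT PRIMARY KEY, published TEXT, severity TEXT, score REAL);
CREATE TABLE cve_cwe (cve_id TEXT, cwe TEXT);
CREATE TABLE cve_product (cve_id TEXT, vendor TEXT, product TEXT);
"""


def load_feed(conn, feed):
    """Flatten the nested feed into three tables so the questions become plain SQL."""
    for item in feed["CVE_Items"]:
        cve = item["cve"]
        cve_id = cve["CVE_data_meta"]["ID"]
        # Not every entry has a CVSSv3 block; keep the row and mark it instead of dropping it.
        cvss = item.get("impact", {}).get("baseMetricV3", {}).get("cvssV3")
        severity = cvss["baseSeverity"] if cvss else "UNSCORED"
        score = cvss["baseScore"] if cvss else None
        conn.execute("INSERT INTO cve VALUES (?, ?, ?, ?)",
                     (cve_id, item["publishedDate"], severity, score))
        for ptype in cve["problemtype"]["problemtype_data"]:
            for desc in ptype["description"]:
                conn.execute("INSERT INTO cve_cwe VALUES (?, ?)", (cve_id, desc["value"]))
        for vendor in cve["affects"]["vendor"]["vendor_data"]:
            for prod in vendor["product"]["product_data"]:
                conn.execute("INSERT INTO cve_product VALUES (?, ?, ?)",
                             (cve_id, vendor["vendor_name"], prod["product_name"]))
    conn.commit()


def build_db(feed=SAMPLE_FEED):
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    load_feed(conn, feed)
    return conn


def build_db_from_file(path):
    """Same, for a downloaded feed file (assumed name: nvdcve-1.1-2020.json)."""
    with open(path) as f:
        return build_db(json.load(f))


def top_cwes(conn, limit=10):
    # NVD-CWE-noinfo / NVD-CWE-Other are placeholders, not real weakness classes.
    return conn.execute(
        "SELECT cwe, COUNT(*) AS n FROM cve_cwe WHERE cwe LIKE 'CWE-%' "
        "GROUP BY cwe ORDER BY n DESC, cwe LIMIT ?", (limit,)).fetchall()


def severity_breakdown(conn):
    return dict(conn.execute("SELECT severity, COUNT(*) FROM cve GROUP BY severity").fetchall())


def top_products(conn, limit=10):
    return conn.execute(
        "SELECT vendor, product, COUNT(DISTINCT cve_id) AS n FROM cve_product "
        "GROUP BY vendor, product ORDER BY n DESC, vendor, product LIMIT ?", (limit,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print(top_cwes(db))
    print(severity_breakdown(db))
    print(top_products(db))
```

Keeping the unscored entries in the `cve` table matters for year-end counts: a feed pulled in December still contains many CVEs awaiting analysis, and silently dropping them would skew the severity breakdown towards older, fully scored entries.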
Musical notation is a set of symbols that we use to communicate the sounds we want a player to create on their instrument. It can be seen as the language of music and is core to understanding most topics in music theory. We will start this article by seeing how notes are arranged on the piano. After this, we can naturally extend our understanding of the piano to theory, as well as any other instrument we might want to consider.
The piano consists of a set of (often 88) keys, each tuned to a specific note. In music, we represent each note as a letter in the alphabet, using the letters A,B,C,D,E,F and G. …
A graph is a structure used to represent how two or more objects connect to each other. Many problems in computer science are naturally modelled as graphs, and as such many algorithms revolve around efficiently finding properties of graphs. Before learning graph algorithms, it is important to understand what a graph is and how it can be represented in code.
A graph consists of a set of vertices (or nodes), typically referred to as V, as well as a set of edges, typically referred to as E. Consider the graph below.
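As an added example, not from the original article, the following Python represents a small constructed graph (the article's figure is not reproduced here) both as an adjacency list and as an adjacency matrix, and runs a breadth-first search over the adjacency list so the two representations can be compared:

```python
from collections import deque

# Constructed example graph. V = {A, B, C, D, E}; E holds unordered pairs, so the
# graph is undirected. Vertex E has no edges and is therefore isolated.
VERTICES = ["A", "B", "C", "D", "E"]
EDGES = [("A", "B"), ("A", "C"), ("B", "D"), ("C", "D")]


def adjacency_list(vertices, edges, directed=False):
    """Map each vertex to the list of its neighbours; memory proportional to |V| + |E|."""
    adj = {v: [] for v in vertices}
    for u, v in edges:
        adj[u].append(v)
        if not directed:
            adj[v].append(u)
    return adj


def adjacency_matrix(vertices, edges, directed=False):
    """|V| x |V| grid with a 1 where an edge exists; O(1) edge lookup, |V|^2 memory."""
    index = {v: i for i, v in enumerate(vertices)}
    n = len(vertices)
    matrix = [[0] * n for _ in range(n)]
    for u, v in edges:
        matrix[index[u]][index[v]] = 1
        if not directed:
            matrix[index[v]][index[u]] = 1
    return matrix


def degree(adj, v):
    """Number of edges touching v (in an undirected graph)."""
    return len(adj[v])


def reachable(adj, start):
    """Breadth-first search: every vertex reachable from start, in discovery order."""
    seen = {start}
    order = []
    queue = deque([start])
    while queue:
        v = queue.popleft()
        order.append(v)
        for w in adj[v]:
            if w not in seen:
                seen.add(w)
                queue.append(w)
    return order


if __name__ == "__main__":
    adj = adjacency_list(VERTICES, EDGES)
    print(adj)
    for row in adjacency_matrix(VERTICES, EDGES):
        print(row)
    print(reachable(adj, "A"))
```

The adjacency list is the usual choice for sparse graphs and for traversal, because iterating a vertex's neighbours costs only its degree; the matrix wins when the question is "is there an edge between u and v?" and the graph is dense.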
A stack is a set of items stored using a last-in first-out (LIFO) policy. This means that the last item pushed onto the stack is the first item removed from it. We might think of a stack like a stack of dinner plates: when we place a plate onto the stack we put it on top, and when we want to take a plate off, we also remove it from the top. This is the same structure we want to implement with a programming stack.
Let’s start by having a look at a visual example of a stack. Suppose I insert three values onto my stack, which are 5, 6, and 7. …
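An added Python example, not the article's own code, of the plate-stack behaviour just described: values are pushed and popped in LIFO order, popping an empty stack is treated as an error, and the same stack is then used for a classic task, checking that brackets nest correctly.

```python
class Stack:
    """Last-in first-out container backed by a Python list (the end of the list is the top)."""

    def __init__(self):
        self._items = []

    def push(self, item):
        self._items.append(item)

    def pop(self):
        # Popping an empty stack is a programming error; fail loudly rather than return None.
        if not self._items:
            raise IndexError("pop from empty stack")
        return self._items.pop()

    def peek(self):
        if not self._items:
            raise IndexError("peek at empty stack")
        return self._items[-1]

    def is_empty(self):
        return not self._items

    def __len__(self):
        return len(self._items)


def push_then_pop_all(values):
    """Push the values in order, then pop until empty; returns the pop order (the reverse)."""
    stack = Stack()
    for v in values:
        stack.push(v)
    popped = []
    while not stack.is_empty():
        popped.append(stack.pop())
    return popped


def is_balanced(text):
    """A classic use of a stack: check that (), [] and {} open and close in matching order."""
    pairs = {")": "(", "]": "[", "}": "{"}
    stack = Stack()
    for ch in text:
        if ch in pairs.values():
            stack.push(ch)
        elif ch in pairs:
            if stack.is_empty() or stack.pop() != pairs[ch]:
                return False
    return stack.is_empty()


if __name__ == "__main__":
    print(push_then_pop_all([5, 6, 7]))
    print(is_balanced("{[()]}"), is_balanced("(]"), is_balanced("(("))
```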
Looking to learn computer security and ethical hacking? Check out my course here: https://scott-s-school-51c9.thinkific.com/courses/introduction-to-ethical-hacking-and-penetration-testing. For $100, you can gain access to over 40 video tutorials discussing vulnerabilities, using Kali Linux, and Android based exploitation techniques!
Recently, SaltStack published an advisory for two vulnerabilities in their product, CVE-2020-11651 and CVE-2020-11652. Together they allowed an unauthenticated attacker either to execute code remotely or to disclose sensitive data from the server. Because many organizations use SaltStack for server orchestration, many were compromised through these vulnerabilities, most notably Cisco (https://threatpost.com/hackers-compromise-cisco-servers-saltstack/156091/).
As security researchers, we often want to understand why such vulnerabilities occur and what made them so easy to exploit. In this article, I will explore the SaltStack CVEs, explain how the vulnerabilities came to be, why PoCs were easy to develop, and how this could have been…
The process of ethical hacking can be broken down into 5 main phases. These phases are:
1. Reconnaissance (active and passive)
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Covering Tracks
In this article, I will walk through each phase to give a general overview of what it entails.
Phase 1: Active and Passive Reconnaissance
Passive reconnaissance is the act of gathering information about a potential target without the target’s knowledge, whereas active reconnaissance involves probing the target’s networks directly, which increases the risk of detection. Attackers use many different reconnaissance methods to find vulnerable targets. When you first receive a target, you may decide to run an internet search on the company and on any individuals of interest at the company. This kind of search is passive reconnaissance, typically called information gathering. Information about a target and the individuals involved with it is valuable for social engineering attacks. …
Hackers are commonly divided into three groups: white hats, black hats, and gray hats. White hats are ethical hackers who use their skills to help defend systems from malicious users. Black hats are malicious hackers who use their skills for illegal or harmful purposes. Gray hats stand between the two: they work both offensively and defensively and do not strictly stay on one side of the spectrum.
When a company wants to evaluate the security of its systems and products, it needs someone who knows how to attack computer systems. For this purpose, companies often hire penetration testers, or ethical hackers, to apply hacking skills in an attempt to compromise their systems. An ethical hacker attempts to compromise a system, with the owner’s authorization, for the purpose of reporting the vulnerabilities found to that owner. It is important to note that an ethical hacker never seeks to cause damage to a system, but rather demonstrates that a vulnerability exists without causing impact to the system. …
This article will explain the fundamentals of XXE vulnerabilities. Whenever a server parses XML supplied by a user, there is a risk of XXE. These vulnerabilities typically leverage external entities to expose sensitive information stored on the server. They are possible because of a feature known as XML external entities: a type of custom XML entity whose value is loaded from outside the document that defines it. This means an attacker can declare an entity that points at a file path or a URL, and the server will attempt to retrieve that data and substitute it into the document. …
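As an added example (not from the original article), the following Python shows a constructed XXE payload of the kind described and a parser-independent defence: refuse any user-supplied XML that declares a DOCTYPE or entity before handing it to the parser at all. The document shape (`order`/`item`) and the file path in the payload are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed XXE payload of the kind the article describes: the external entity
# points at a file on the server, and the entity reference in the body asks the
# parser to substitute that file's contents into the document.
XXE_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<order><item>&xxe;</item></order>"""

# A benign document of the same shape, as a well-behaved client would send it.
BENIGN = b"""<?xml version="1.0"?><order><item>widget</item><qty>2</qty></order>"""


def has_dtd(data: bytes) -> bool:
    """True if the document declares a DTD or an entity.

    This is a pre-check on the raw bytes, independent of which XML library
    parses the document afterwards.
    """
    lowered = data.lower()
    return b"<!doctype" in lowered or b"<!entity" in lowered


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse user-supplied XML only if it carries no DTD.

    A legitimate data document never needs to define its own entities, so
    rejecting any DOCTYPE blocks external entities (and the related
    entity-expansion denial of service) outright instead of trying to filter them.
    """
    if b"\x00" in data:
        # The substring check only works on single-byte encodings; refuse
        # UTF-16/32 input rather than let "<!DOCTYPE" slip past in a wide encoding.
        raise ValueError("only UTF-8 encoded XML is accepted")
    if has_dtd(data):
        raise ValueError("XML documents with a DOCTYPE/ENTITY declaration are rejected")
    return ET.fromstring(data)


def item_names(data: bytes) -> list:
    """Example consumer: the <item> texts of an order document."""
    root = parse_untrusted_xml(data)
    return [item.text for item in root.iter("item")]


if __name__ == "__main__":
    print(item_names(BENIGN))
    try:
        item_names(XXE_PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```

The pre-check is a stopgap for code paths you cannot change; the proper fix is to configure the parser itself to disallow DTDs (for example defusedxml in Python, or the `http://apache.org/xml/features/disallow-doctype-decl` feature on Java's SAX and DOM parsers), because libxml2-based parsers and Java's default DocumentBuilder do resolve external entities unless told not to.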
Interested in learning more about bug bounties and ethical hacking? Check out my course at: https://www.udemy.com/course/the-complete-guide-to-bug-bounty-hunting/
What is WFuzz?
WFuzz is a command line utility included in Kali Linux. It is used to discover common vulnerabilities in web applications by fuzzing: sending a large number of inputs, typically taken from a wordlist of known payloads, to the application and watching how the responses differ, which reveals the inputs that trigger unexpected or insecure behaviour. It is a convenient tool for quickly checking an application against common vulnerabilities. …
The Ghost Cat vulnerability (CVE-2020-1938) is a recently disclosed vulnerability that is gaining attention. In this article, I will describe the vulnerability, its impact, and what can be done to fix it on Tomcat servers.
What is Ghost Cat?
Ghost Cat is a vulnerability that affects Apache Tomcat versions before 9.0.31, 8.5.51 and 7.0.100. It is caused by the insecure default configuration of the AJP connector in a standard Tomcat installation: the connector is enabled by default, listens on port 8009 on all interfaces, and trusts the request attributes sent by any AJP client. This lets an attacker read any file within the web application (for example WEB-INF/web.xml or application source) and, if the application also allows file uploads, potentially achieve remote code execution.
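As an added example, not part of the original article, this Python script audits a Tomcat server.xml for the two conditions that make Ghost Cat exploitable from the network: an AJP connector bound to every interface, and one that accepts clients without a shared secret. The server.xml skeleton is constructed for the example, the secret value is a placeholder, and the attribute names `address`, `secretRequired` and `secret` are those of the AJP connector in the fixed Tomcat versions.

```python
import xml.etree.ElementTree as ET


def server_xml_with(ajp_connector: str) -> str:
    """Wrap one connector element in a minimal server.xml skeleton (constructed for the example)."""
    return f"""<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    {ajp_connector}
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>"""


# The AJP connector as shipped in server.xml before 9.0.31 / 8.5.51 / 7.0.100:
# no address attribute (so it binds to all interfaces) and no shared secret.
WEAK_SERVER_XML = server_xml_with(
    '<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />')

# Hardened: only reachable from loopback, and every AJP client must present the
# secret. The secret below is a placeholder; generate a long random value per server.
HARDENED_SERVER_XML = server_xml_with(
    '<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" address="127.0.0.1" '
    'secretRequired="true" secret="replace-with-a-long-random-value" />')

# Best option when no reverse proxy speaks AJP to this Tomcat: remove the connector.
NO_AJP_SERVER_XML = server_xml_with("<!-- AJP connector removed: nothing uses it -->")

ALL_INTERFACES = {"0.0.0.0", "::", "0:0:0:0:0:0:0:0"}


def audit_ajp_connectors(server_xml: str) -> list:
    """Return one finding per AJP connector weakness found in a server.xml document."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        # Tomcat defaults the protocol to HTTP/1.1; AJP appears as "AJP/1.3" or as a
        # fully qualified class name such as org.apache.coyote.ajp.AjpNioProtocol.
        protocol = conn.get("protocol", "HTTP/1.1")
        if "ajp" not in protocol.lower():
            continue
        port = conn.get("port", "?")
        address = conn.get("address")
        if address is None or address in ALL_INTERFACES:
            findings.append(f"AJP connector on port {port} listens on all interfaces; "
                            f"set address=\"127.0.0.1\" or remove the connector")
        # Absence of secretRequired is treated as a finding: the file alone cannot tell
        # whether the running Tomcat is a fixed version whose default is already true.
        if conn.get("secretRequired", "").lower() != "true" or not conn.get("secret"):
            findings.append(f"AJP connector on port {port} accepts clients without a shared "
                            f"secret; set secretRequired=\"true\" and a random secret")
    return findings


if __name__ == "__main__":
    for name, doc in [("weak", WEAK_SERVER_XML), ("hardened", HARDENED_SERVER_XML),
                      ("no AJP", NO_AJP_SERVER_XML)]:
        print(name, audit_ajp_connectors(doc) or "OK")
```

The fixed Tomcat releases changed the shipped defaults (connector commented out, loopback binding, secret required), but an upgrade does not rewrite an existing server.xml, so a server patched in place can keep its old `<Connector port="8009" protocol="AJP/1.3" .../>` line; auditing the file is what catches that.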
What is AJP? …