CLI Virtual Host Checker bingip

Google rocks, right? Well, there’s still one feature it lacks compared to Bing – the ability to search by IP address. On bing.com you can use ip:<IP address> and it will return pages indexed from that IP address which, as a security guy, is a really useful way of enumerating virtual ... Read More
[Quick Post] Securing Splunk Free Authentication

Following up on my post earlier about abusing Splunk functionality, one of the issues Splunk administrators face when deploying the Free version is the lack of authentication. I just had a very quick and simple thought for anyone running it on Linux/Unix. I suggest simply that you bind SplunkWeb to ... Read More
Splunk: With Great Power Comes Great Responsibility

Splunk background: Splunk is a fantastically powerful solution to "search, monitor and analyse machine-generated data by applications, systems and IT infrastructure" and it's no surprise that many businesses are turning to it in order to help meet some of their compliance objectives. Part of Splunk's power comes from its query language ... Read More
Abusing Splunk Functionality with Metasploit

In our post Splunk: With Great Power comes Great Responsibility we outlined how the sheer power and flexibility of Splunk can be abused to gain complete control of the server upon which Splunk is running. We ran through the creation of a custom application to upload through SplunkWeb, which facilitates OS ... Read More

44Con Burp Plugin Workshop Slides and Code available

44Con 2012 has been and gone and attendees seem to agree it was a huge success. I was proud to present my Burp Plugin Development for Java n00bs workshop at the event and on the whole I think it went well. The demo gods weren't smiling on me which meant there ... Read More

7 Elements to run 44Con Burp Suite Workshop

Our Principal Security Consultant Marc Wickenden will be hosting a workshop at the "UK's premier information security conference and training event" - 44Con - next week in London. The two hour practical workshop "Burp Plugin Development for Java n00bs" will be run on either Thursday or Friday in the Technical ... Read More
Nmap NSE Howto: MySQL Auth Bypass

A recently disclosed critical vulnerability in MySQL authentication on some platforms gave me just the excuse I needed to write my first Nmap NSE script. @jcran produced a Metasploit module to find and exploit the MySQL bug so I thought I'd try and fill a gap in the Nmap world. First thing ... Read More

ssh-agent: Abusing the trust – Part 2

In part 1 of this blog post I discussed common issues with using ssh-agent forwarding in an untrusted environment. Despite the risks it remains prevalent and ripe for some exploitation. There are tools out there to help exploit this scenario; the main one I know about is secret-agent but I've been working ... Read More
Solving the Security B-Sides London 2012 Web Hacking Challenge

This year (2012) I wrote a web hacking challenge for BSides London. Rather than write a lengthy blog post about how to solve it (when others have already covered it), I thought I'd do some vidz. They're all up on my (new) YouTube account and embedded below for your viewing ... Read More

ssh-agent: Abusing the trust – Part 1

This post is about ssh-agent. For those who don't know, the following best describes it (from the man page): "ssh-agent is a program to hold private keys used for public key authentication". Many Unix/Linux/OSX dudes use it every day without even thinking too much about it. Even Windows dudes get a look ... Read More