Don't be a normal pentester. Be updated with new technologies, break it and build it more secure than ever.

SMADAV - ANTIVIRUS REVERSE ENGINEERING

Recently, I started reverse engineering antivirus products to understand AV engines and also to find new vulnerabilities by fuzzing. So I started looking at the various AV products available on the market. Last week I came across an antivirus called Smadav, for USB protection, which has at most 2-5 DLL libraries and binaries. So I thought it would be the right product to start with to improve my s...

DRAKVUF CONSOLE - LOG ANALYSIS TOOLKIT

My Goal: Build an automated malware analysis sandbox using Drakvuf for Windows - 80% is done (we can't use the injector once Drakvuf is initialized). Note: If we use the injector along with Drakvuf to open a malware sample, the injector first creates a new process using an injection technique, and only then is Drakvuf initialized. So we won't get much context about how the initial malware process creation i...

CVE-2019-0708 - BLUEKEEP (RDP)

Vulnerability Overview RDP Connection Sequence Analysis of RDP Service Vulnerability Windows Kernel Debugging Note: Please check the above two links to understand how the RDP connection sequence works and also the vulnerability that exists in the Microsoft Windows RDP kernel driver - termdd.sys (MS_T120). My approach: I am a n00b in kernel exploitati...

WINDOWS INSTALLER BYPASS USING ROLLBACK SCRIPT (RBS AND RBF) - RACE CONDITION

Exploit: https://github.com/SandboxEscaper/polarbearrepo/tree/master/InstallerBypass Windows Installer Windows Installer accomplishes rollback by creating a rollback script. A rollback script is a file that contains a linear sequence of operations to perform, such as file and registry updates, configuration information updates, user interface notifications, and state information for other oper...

INJECTING RASP (RUNTIME APPLICATION SELF PROTECTION) INTO DEMO PHP VULNERABLE APPLICATION

Summary: Before going further, please understand how RASP works, or watch my previous video about RASP (Runtime Application Self Protection) Security in Python [Here]. This blog gives an overview of how the RASP model works with a PHP application and how it blocks SQL injection by understanding the application context. Note: This is just a prototype design developed to explore the RASP concept and...

INJECTING RASP (RUNTIME APPLICATION SELF PROTECTION) SECURITY INTO DEMO TORNADO VULNERABLE APPLICATION

Tornado Demo Vulnerable Application to test the SQL injection vulnerability and patch it using RASP (Runtime Application Self-Protection). Note: This is just a prototype design developed to explore the RASP concept, and this code will not be available in my GitHub repository. For more information, please do more research on RASP. Requirements: Python 2.x & 3.x Demo Tornado Vulnera...

WP STATISTICS PLUGIN SQL INJECTION VULNERABILITY

Requirements: WP-Statistics Plugin Version <= 12.0.7 Least-privileged account: Subscriber account (with post edit permission) Why is it easy to exploit? This vulnerability is caused by the lack of sanitization of user-provided data. An attacker with at least a subscriber account could leak sensitive data and, under the right circumstances/configurations, compromise your WordPress in...


WAF RULE TESTING (UNRESTRICTED FILE UPLOAD VULNERABILITY)

Summary In this blog, we are going to test the unrestricted file upload vulnerability on the XVWA application with the OWASP CRS and CWAF 1.128 (latest version) rulesets. Test Scenario 1. Test Unrestricted File Upload Vulnerability with OWASP CRS: OWASP CRS blocks uploads of potentially malicious files, i.e. .php files, which prevents compromise by a .php shell, but we were still able to find a little flaw in the ...

WAF RULE TESTING (LOCAL FILE INCLUSION VULNERABILITY)

In this blog, we will be testing the Local File Inclusion (LFI) vulnerability on a vulnerable application with the OWASP CRS and CWAF ruleset 1.127 (latest version). Test Scenario 1. Testing LFI attack with OWASP CRS Include the OWASP CRS in the Apache config: Filename: REQUEST-930-APPLICATION-ATTACK-LFI PARANOIA_LEVEL:1 Rule ID: 930100,930110,930120,930130 Test the following payloads on the XVWA ...

WAF RULE TESTING (OS COMMAND INJECTION VULNERABILITY)

In this blog, we will be testing the OS command injection attack on a vulnerable application with the OWASP CRS and CWAF rulesets. How to identify the flaw in the OWASP CRS and CWAF rulesets? First, set up a vulnerable application, i.e. XVWA or the OWASP Mutillidae vulnerable app, on the server for testing WAF rules. Install ModSecurity and include both the OWASP CRS and CWAF rulesets in the Apache config....

MODSECURITY WAF DASHBOARD (ELK STACK)

In this blog, we will see which open source web consoles are available for ModSecurity, and we will show our research project on integrating ModSecurity logs with the ELK stack (Elasticsearch, Logstash, and Kibana) as a web dashboard for real-time monitoring and analysis of the logs to prevent attacks in real time. The following open source web consoles are currently available for ModSec...

WAF RULE TO PREVENT 0-DAY ATTACKS IN WORDPRESS

(CVE-2017-8295) WordPress <= 4.7.4 - Unauthorized Password Reset Vulnerability By default, WordPress uses untrusted data to create the password reset link, which is supposed to be delivered only to the email address associated with the owner's account. If the From email header is not present, WordPress will use the server's. // check wp-includes/pluggable.php if ( !isset( $from_...

OWASP CRS 3 AND COMODO WAF PATCH RULES

In this blog, we will see how to identify flaws in a WAF and write custom WAF rules to block new attacks against our vulnerable application. How to write a custom WAF rule to block new attacks on a web application? First, identify the security issue, i.e. the payload or process that the WAF normally fails to detect. Based on that, develop a regex pattern to match that payload. Follow the...

MODSECURITY WAF RULE WRITING

How to write a custom WAF rule to block new attacks on a web application? First, identify the security issue, i.e. the payload or process that the WAF normally fails to detect. Based on that, develop a regex pattern to match that payload. Follow the ModSecurity syntax to write a new rule. Save the rule as a .conf file and include it in the default rules directory. Restart the Apache server and st...

BLOG VIEWS BOT

We created this Python script for fun to increase blog view traffic on a website through the Tor network, i.e. each blog view comes from an IP address in a different country for every request. Getting Started git clone https://github.com/umarfarook882/Blog-Views-Bot.git or download the zip and extract it. cd Blog-Views-Bot chmod +x blog-view.py python blog-view.py Prerequisites: Linux operating syst...
