Pro Tip: The Right Way to Test JSON Parameters with Burp
May 21, 2018, Dan McInerney, Senior Security Consultant, Coalfire
Here’s a Burp trick you might not know, which helped find this instance of command execution and lots of SQL injection in other applications. Despite PortSwigger claiming otherwise, Burp does not parse JSON very well, especially nested JSON parameters and values like you see below.
Microsoft Word Document Upload to Stored XSS: A Case Study
May 09, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire
Cooking Up Shells with Chef
April 30, 2018, Ryan Wendel, Consultant, Coalfire Labs
I was able to compromise a Chef server on one of my recent engagements. Owning a Chef server means having the keys to the castle. I wasn’t quite sure how to go about using this tool. I’m familiar with Puppet as I’ve spent the majority of my career on the systems side. Having never run into Chef, I needed to put a little time into figuring out the fastest way to use a Chef infrastructure to shell a bunch of sensitive hosts. Here is how I went about it.
Sleuthing the Cloud: The Challenges of Forensics in Cloud Environments
April 04, 2018, Robert Meekins, Director, Forensics, Coalfire
More and more companies are embracing Cloud computing for the practicality, efficiency, and economy of outsourcing the housing, maintenance, and monitoring of applications and their associated infrastructure to a third-party provider. As the Cloud becomes more the norm than the exception, there is no lack of choices: Providers such as Amazon (AWS), Microsoft, IBM, and countless others are providing a variety of solutions, from e-commerce sites that process payments and credit cards, to developmental networks used to test and configure operational assets.
A Good Shell Is Hard to Choose
March 26, 2018, Killian Ditch, Senior Consultant, Labs
I had the recent opportunity to speak at BSides SLC, held on the Sandy campus of Salt Lake Community College. I tailored my presentation to the student demographic and chose to talk about one of the fundamental concepts that a penetration tester must understand: types of shells. I touched on the differences between simple shell interaction and a full-featured terminal and then launched into a discussion focusing on web shells. Following the theory conversation, I demonstrated how control over a server could be established by exploiting a file inclusion vulnerability and default credentials to deploy two different web shells, each adapted for the particular platform.