This is a fairly detailed blog post on the pain we went through to get Arbitrary File Read (CVE-2020-10560) in an open-source platform, which involved writing a custom crypto cracking tool. Before we get to that, let's start at the beginning.
OSSN
The Open Source Social Network (OSSN) is, well ju...
This is a story about an XSS vulnerability on a website for a popular UK restaurant chain, which from this point forward I will simply refer to as "Shenanigan's". The interesting thing is not, in fact, the XSS vulnerability itself, but bypassing the Web Application Firewall that was protecting it.
...For the last year, I have been the Director of Content for ImmersiveLabs. I lead a team of people that create practical cyber training labs that can be delivered in a browser.
As part of this, I spend a lot of time creating docker containers and small applications or vulnerable services. For m...
It's been a few months since I wrote about my new project PasteHunter. When I first wrote the app it was a fairly simple single-threaded app that followed a simple workflow:
- Fetch list of pastes
- Fetch each paste
- Scan paste with yara
- Write to elastic search
This was a good start but I wanted...
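The four-step workflow above, written out as a runnable single-threaded pipeline. This is an added example, not PasteHunter's own code: the paste source is a constructed in-memory list rather than the Pastebin feed, a small regex matcher with per-rule hit thresholds stands in for yara-python, and a dict stands in for the Elasticsearch index. All function names, rule names and sample pastes are the example's own.

```python
"""Single-threaded paste scanning pipeline: list -> fetch -> scan -> index.

Added example, not PasteHunter's own code. Network fetching, yara and
Elasticsearch are replaced by in-memory stand-ins so it runs offline.
"""
import hashlib
import re
from datetime import datetime, timezone

# Constructed sample pastes (listing key, title and body), not real data.
SAMPLE_PASTES = [
    {"key": "aaaa1111", "title": "config",
     "body": "aws_access_key_id = AKIAEXAMPLE0000000AB\naws_secret_access_key = abc"},
    {"key": "bbbb2222", "title": "dump",
     "body": "user1@example.com:hunter2\nuser2@example.com:password1\nuser3@example.com:letmein"},
    {"key": "cccc3333", "title": "notes", "body": "shopping list: milk, eggs"},
]

# Regex rules standing in for yara rules: name -> (pattern, minimum hit count).
# The threshold mimics a yara condition like "#email_pass >= 3" so that a single
# stray address does not flag a paste as a credential dump.
RULES = {
    "aws_access_key": (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), 1),
    "email_password_dump": (re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+:\S+"), 3),
}


def fetch_paste_list(source=SAMPLE_PASTES):
    """Step 1: return the keys of recently listed pastes."""
    return [p["key"] for p in source]


def fetch_paste(key, source=SAMPLE_PASTES):
    """Step 2: fetch one paste (key, title, body) by key."""
    for paste in source:
        if paste["key"] == key:
            return paste
    raise KeyError(key)


def scan_paste(body, rules=RULES):
    """Step 3: run every rule over the body; return the names that fired."""
    matches = []
    for name, (pattern, min_hits) in rules.items():
        if len(pattern.findall(body)) >= min_hits:
            matches.append(name)
    return matches


def index_paste(store, paste, matches):
    """Step 4: write a document to the sink (a dict standing in for Elasticsearch)."""
    doc = {
        "key": paste["key"],
        "title": paste["title"],
        # Hash of the raw body lets later re-posts of the same content be spotted.
        "sha256": hashlib.sha256(paste["body"].encode()).hexdigest(),
        "rules": matches,
        "indexed_at": datetime.now(timezone.utc).isoformat(),
        "raw": paste["body"],
    }
    store[paste["key"]] = doc
    return doc


def run_pipeline(source=SAMPLE_PASTES, rules=RULES, seen=None):
    """Run the workflow once over the listing and return the index contents.

    `seen` holds keys already processed, so polling the listing again does not
    re-fetch, re-scan or re-index a paste it has already handled.
    """
    store = {}
    seen = set() if seen is None else seen
    for key in fetch_paste_list(source):
        if key in seen:
            continue
        seen.add(key)
        paste = fetch_paste(key, source)
        matches = scan_paste(paste["body"], rules)
        if matches:  # only pastes a rule fired on are worth keeping
            index_paste(store, paste, matches)
    return store


if __name__ == "__main__":
    for key, doc in run_pipeline().items():
        print(key, doc["title"], doc["rules"])
```

Swapping the stand-ins for the real thing changes only the edges: `fetch_paste_list` and `fetch_paste` become HTTP calls to the paste site, `scan_paste` becomes `rules.match(data=body)` on a compiled yara ruleset, and `index_paste` becomes a client `index()` call. The `seen` set is the part worth keeping as-is, since the listing overlaps between polls and re-indexing the same paste skews later analytics.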
From a security analytics and Threat Intelligence perspective, Pastebin is a treasure trove of information. All content that is uploaded to Pastebin and not explicitly set to private (which requires an account) is listed and can be viewed by anyone.
tl;dr Using Yara Rules to find and save interes...