Insights
If you're interested in the world of cybersecurity, the related technical issues, and what's challenging right now, you're in the right place! This part talks about IT security more broadly and has the latest information, tips, and advice.
Latest insight
Security Mechanisms vs. Application Logic: Conclusions from Mobile App Penetration Tests
Martin Matyja
31 October 2024
Introduction: In our daily work, we often come across mobile applications, primarily for Android and iOS platforms. This article describes an example that demonstrates how popular security mechanisms should not replace essential application logic.
READ article
Featured articles
Two new CVEs: FooGallery's WordPress plugin
>Robert Kruczek
05 July 2024
During some happy hunting, I found two XSS vulnerabilities in the FooGallery WordPress plugin (version 2.4.14), which made 50k instances vulnerable on the day of discovery! These can allow attackers to execute malicious code and gain unauthorized access to administrative functionalities. Below is a detailed explanation of these vulnerabilities and how they can be exploited.
READ article
XSS in WordPress via open embed auto discovery
JAKUB ŻOCZEK
29 May 2023
Introduction Users often assume that known software is free of security flaws because it has been checked by a sufficient number of tools and security testers. However, this is not an assumption that a pentester or bug hunter can afford to make. Vulnerabilities may lurk in various places, and finding an interesting bug often requires …
READ article
Other articles
Crafting Malicious Software for Penetration Testers: A Guide from Novice to Pro
Dominik Antończak
26 August 2024
Sunday evening, you are preparing an email message for several company employees. Everything is polished, and the message is clear and convincing. The email includes a link to a server hosting malware that aligns perfectly with the company profile. The phishing campaign is about to begin. Before it does, you check everything again and say to yourself, "Perfect." Just after that, you run the program that sends your phishing emails. The next day, around 8:30 – 9:00, you check the logs and see that 3/4 of the targeted employees have downloaded the hosted malware, so probably at least half of them ran it. It's time to check the C2 (Command and Control server) for any beacons, but for some reason, there are none. What happened, you wonder? Thoughts start to appear.
READ article
How to access data secured with BitLocker? Do a system update
Krzysztof Bierówka
12 January 2023
Do you suffer from eternal lack of time for system updates? Finally managed to find a moment to install them, but you didn’t finish the whole process because you had to run out of the office? Is your data safe? Read this article to find out. As always in the IT world, it is difficult …
READ article
How a simple lack of SMS code verification can compromise financial security
Securitum
19 April 2024
During audits, it's crucial to check all possible attack vectors, even the seemingly obvious functionalities. This diligence led us to discover, during one of our web application audits, that the server does not verify the correctness of the SMS code used by applicants during the credit request process, either at the start or at the final document signing stage. In short: a credit application without any verification.
READ article
Multiple Benefits from a Single Action: The Dangers of Race Conditions in Your Application!
Adam Borczyk
19 April 2024
When multiple application threads work on the same data concurrently, there is a risk of data inconsistency or data collisions. Database engineers have tackled this problem since the early days of database engines by introducing “atomic” transactions. However, web applications remain vulnerable to an attack known as a “race condition”.
READ article
Having trouble during your pentest? Could an LLM come to your rescue?
MACIEJ KISIELEWICZ
5 April 2024
Abstract In this article we will discover whether an LLM can actually deliver value as a pentest assistant or a standalone hacking agent. Introduction With the AI revolution taking place, it’s no wonder that penetration testers are also taking notice and employing LLM agents to help with their daily tasks. Today, we will embark on a journey of doing just that. I have created 6 completely different scenarios in order to get definitive answers on the efficiency of this solution.
READ article
New Year, Fresh Vulnerabilities: Unmasking Hidden Threats in Web Applications
Marek RZepecki
5 January 2024
Security flaws, sometimes overlooked as minor ones, can escalate into significant risks for entire applications. Our recent penetration test identified a critical vulnerability enabling potential account takeover at the administrative level. This write-up highlights the essential need for comprehensive security measures throughout the application development process.
READ article
Artificial Intelligence-Assisted Fuzzing: New Horizons in Software Security Testing
tomasz turba
15 December 2023
Cybersecurity is evolving with every new technology, so penetration testers feel the need for more advanced methods and tools. One such emerging trend is Artificial Intelligence (AI)-assisted fuzzing, an approach that merges traditional fuzzing approaches with the innovative capabilities of AI. This article delves into the concept of fuzzing, its enhancement through AI, and the potential future directions of this synergy.
READ article
Hacking the invisible: A deep dive into Sub-GHz communication and flaws in the devices we use every day
MATEUSZ KOWALCZYK
8 December 2023
In our modern world, remote control technology is an ever-present part of daily life. This includes everything from the key fobs in our pockets to the remote controls on our coffee tables. But what lies behind the magic of these devices? In this article, we delve into the world of Sub-GHz communication, a technology in remote control systems, particularly those used for controlling entrance gates or garage doors.
READ article
Mobile Device Security in today's enterprise landscape: A comprehensive approach
Michał Wnękowicz
24 November 2023
The evolving challenge at a time when mobile devices are commonplace in corporate environments, concerns about their security have increased. For both corporate and Bring Your Own Device (BYOD) devices, the challenge of maintaining strong security is significant. What's more, as mobile applications become more sophisticated, their potential security vulnerabilities are becoming a concern for cybersecurity teams.
READ article
The risks of over-logging: a case study on application takeover
Securitum
15 November 2023
Logs are often seen as a wall of text, filled with information that seems unimportant until a significant problem arises. Yet, have you ever thought about the security risks hidden within those walls of text, particularly when they include sensitive details like usernames and passwords? It’s a common belief that only trustworthy individuals, such as administrators, access these logs, but not considering the potential security implications can be a dangerous oversight. Today, we explore a case where logging non-sensitive data inadvertently led to a complete application takeover by a user with limited group privileges.
READ article
Attacking Artificial Intelligence - 3 common ways
Tomasz Turba
27 October 2023
Large Language Models (LLM) like ChatGPT, Bing and Bard can be attacked by threat actors. These AI systems could be vulnerable to attacks where threat actors can manipulate the prompt in order to alter their behavior to serve a malicious purpose. As AI components are further integrated into society's critical systems, their potential vulnerabilities could significantly impact the security of both companies and entire countries.
READ article
How Private Cache Can Lead to Mass Account Takeover – pentest case
MATEUSZ KOWALCZYK
12 July 2023
In many situations, minor vulnerabilities might seem like small fish in the vast ocean of cybersecurity threats. They’re often marked as low severity and thus, overlooked by developers who assume that the conditions for their exploitation are too complicated to be met. However, in this article, we’re going to challenge that assumption and show you …
READ article
SOCMINT – or rather OSINT of social media
Tomasz Turba
October 28, 2022
SOCMINT is the process of gathering and analyzing the information collected from various social networks, channels and communication groups in order to track down an object, gather as much partial data as possible, and potentially to understand its operation. All this in order to analyze the collected information and to achieve that goal by making …
READ article
PyScript – or rather Python in your browser + what can be done with it?
michał bentkowski
October 28, 2022
PyScript – or rather Python in your browser + what can be done with it? A few days ago, the Anaconda project announced the PyScript framework, which allows Python code to be executed directly in the browser. Additionally, it also covers its integration with HTML and JS code. An execution of the Python code in …
READ article
Windows security: reconnaissance of Active Directory environment with BloodHound - part 2.
DAWID FARBANIEC
August 19, 2022
Collecting information about the domain environment with SharpHound A program that collects domain environment data – SharpHound is a component of the BloodHound tool. The collection of environmental data starts when SharpHound.exe is run on one of the computers. ...
READ article
Windows security: reconnaissance of Active Directory environment with BloodHound - part 1.
DAWID FARBANIEC
July 2, 2022
Windows security: reconnaissance of Active Directory environment with BloodHound. In this article we will take a closer look at the BloodHound tool – Six Degrees of Domain Admin. The application was developed in JavaScript and built using the Electron platform. The graphical visualization uses the Neo4j database. During the experiment, we will use a Windows …
READ article
Windows security – what is LSASS dump. How to protect against it? Part 1.
DAWID FARBANIEC
June 9, 2022
Windows security – what is LSASS dump. How to protect against it? The ability of Advanced Persistent Threat (APT) groups and other threat actors to take a dump of Windows credentials is a serious threat especially to enterprises and other organizations. The MITRE ATT&CK knowledge base, which is created primarily to support defense against cyber …
READ article
fail2ban – Remote Code Execution
JAKUB ŻOCZEK
April 4, 2022
In this article we will discuss a recently published vulnerability in quite popular software – fail2ban (CVE-2021-32749). Under the right conditions, this bug could be exploited to achieve code execution with root privileges. Luckily, it is difficult for a “normal” attacker to achieve. This vulnerability is rooted in a way the mail command from the …
READ article
Is running legacy software with no publicly known exploits safe?
Krzysztof Bierówka
15 may 2023
There is a lot of legacy software running all over the network. This is an excellent example of technological debt. And the debt means that we are borrowing. We borrow time before compromise. It’s quite easy to identify that some software or system is outdated and no longer supported. Yet, it seems that no one …
READ article
Comparison of reverse image searching in popular search engines [OSINT hints]
KRZYSZTOF WOSIŃSKI
August 11, 2021
A little experiment – comparison of Google, Bing and Yandax in terms of reverse image search. Guest post by Krzysztof Wosinski
READ article
Helping secure DOMPurify
MICHAŁ BENTKOWSKI
December 21, 2020
In this blog post I share my experience with helping secure DOMPurify and trying to kill an entire class of bypasses
READ article
Mutation XSS via namespace confusion – DOMPurify MICHAŁ BENTKOWSKI
September 21, 2020
MICHAŁ BENTKOWSKI
September 21, 2020
In this blogpost I’ll explain my recent bypass in DOMPurify – the popular HTML sanitizer library. In a nutshell, DOMPurify’s job is to take an untrusted HTML snippet, supposedly coming from an end-user, and remove all elements and attributes that can lead to Cross-Site Scripting (XSS). This is the bypass: Believe me that there’s not …
READ article
Prototype pollution – and bypassing client-side HTML sanitizers
MICHAŁ BENTKOWSKI
August 18, 2020
In this article I’ll cover the prototype pollution vulnerability and show it can be used to bypass client-side HTML sanitizers. I’m also considering various ways to find exploitation of prototype pollution via semi-automatic methods. It could also be a big help in solving my XSS challenge. Prototype pollution basics Prototype pollution is a security vulnerability, …
READ article
HTML sanitization bypass in Ruby Sanitize michał bentkowski
July 22, 2020
michał bentkowski
July 22, 2020
On Jun 16, 2020 a security advisory for Ruby Sanitize library was released about an issue that could lead to complete bypass of the library in its RELAXED config. I have found this bug during a penetration test conducted by Securitum, and in this post I’ll explain how I came up with the idea of …
READ article
Marginwidth/marginheight – the unexpected cross-origin communication channel
Michał bentkowski
July 13, 2020
On 6th July 2020 I’ve announced a XSS challenge on my Twitter. So far only four people were able to solve it and every single one of them told me that they had never heard about the quirk used in the challenge before. So here’s a writeup explaining this quirk along with some backstory. The …
READ article
Art of bug bounty: a way from JS file analysis to XSS
Jakub Żoczek
July 1, 2020
Summary: During my research on other bug bounty program I've found Cross-Site Scripting vulnerability in cmp3p.js file, which allows attacker to execute arbitrary javascript code in context of domain that include mentioned script. Below you can find the way of finding bug bounty vulnerabilities
READ article
Protecting against social engineering-based attacks – an introduction
KRZYSZTOF WOSIŃSKI
January 27, 2020
On designing or analyzing the security in IT systems an important question which has to be taken into account, aside from the wide range of digital security solutions, is the fact that one of the key elements of each and every system is its interaction with the user.
READ article
