Oracle EBS Security auditing

So this is my attempt to improve on this post I wrote last year and other tests that I find helpful. Whatever is outlined here really is a tip of the iceberg and further tests should definitely be done depending on scope, objectives… Application testing: Controls to test: Default application account credentials Weak application passwordContinue reading “Oracle EBS Security auditing”

From Shodan to Remote Code Execution #3: Hacking the Belkin N600DB Wireless Router

Our newest post of this interesting series of Shodan to RCE takes us to Belkin routers. Shodan search: “Server: httpd” “Cache-Control: no-cache,no-store,must-revalidate, post-check=0,pre-check=0” “100-index.htm” As at the time of writing this post, there were not so many results for the Belkin routers )-: By navigating to one of the shodan search results, we may getContinue reading “From Shodan to Remote Code Execution #3: Hacking the Belkin N600DB Wireless Router”

Blackhat Europe 2017 – conference notes

I had the pleasure to attend the Blackhat Europe 2017 in London – and it was enlightening! In this post, I shall provide links to the slide decks, videos and tools shared during the demonstrations, briefings and various talks. The abstracts for the briefings can be found on the official Blackhat Europe website.   1.Black HatContinue reading “Blackhat Europe 2017 – conference notes”

From Shodan to Remote Code Execution #1 – hacking Jenkins

In this era of extreme automation, whether for development, programming deployment or even security management are we getting closer to security maturity or are we better off without the automation? In the next posts, I hope to uncover some of the tools/ applications employed on enterprises geared towards automation and better security but end upContinue reading “From Shodan to Remote Code Execution #1 – hacking Jenkins”

SAMBAry save us!!

Remember linux users laughing at Windows users because of the now all too famous Wannacry? Karma. According to Samba, “All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load andContinue reading “SAMBAry save us!!”

From Shodan to Remote Code Execution #2 – hacking OpenDreambox 2.0.0

A sequel to the last post of what is now becoming a series of “From Shodan to remote code execution”, we now take a look at how to hack misconfigured Dreambox installations. Dreambox is a company which offers Digital TV set top boxes and other related services. Shodan search: Perform a shodan search as below:Continue reading “From Shodan to Remote Code Execution #2 – hacking OpenDreambox 2.0.0”

Exploiting Windows with Eternalblue and Doublepulsar with Metasploit!

Most of us got hold of the NSA exploits recently released to the public and there was so much hype and public statements around it. A lot has been said, and most vendors came out to defend their products and to release patches to downplay/mitigate the impact of these exploits. In the exploits, we cameContinue reading “Exploiting Windows with Eternalblue and Doublepulsar with Metasploit!”

Penetration testing Sharepoint

Like any normal web application, Sharepoint may fall prey to OWASP Top 10 vulnerabilities with a special focus on XSS, mostly due to inadequate patching and misconfiguration. On this post, we focus on recon / what sharepoint is exposing. Google Dorks FTW!: Some google dorks to help you find sharepoint installations exposed to the webContinue reading “Penetration testing Sharepoint”

Word Heist!

So, I stumbled upon an interesting script. Over the years, I have been using various tools and scripts to do spear phishing; with the many vulnerabilities in Microsoft Office Suite and Adobe PDF reader being enablers and the ability to embed macros being an even bigger enabler. But things have changed and users are now keenContinue reading “Word Heist!”

Do you know what your ERP is telling us?

Interesting engagement I had a few weeks ago, a client wanted assurance on their ERP – Oracle E-Business suite, to be specific. I spent a few weeks just to formulate an efficient strategy and be able to cover most controls from an insider threat perspective and an external authenticated attacker angle. For this post, IContinue reading “Do you know what your ERP is telling us?”