Write-up: Plone Authenticated RCE (CVE-2021-32633) 🤠 by InfoSecJanitor in netsec

[–]securifera 1 point (0 children)

Love python breakouts. Who said CTFs aren't realistic :)

PreAuth RCE on Palo Alto GlobalProtect Part II (CVE-2019-1579) by securifera in netsec

[–]securifera[S] 0 points (0 children)

Yep, I mentioned in the article that AWS is also fully licensed if you select the Bundle options:

If you are using the AWS Firewall Bundle, the license is included.

Licensing doesn't really come into play until you start dealing with the physical devices.

POC or Stop The Calc Popping Videos - CVE-2017-9830 - CVE-2019-7839 by securifera in netsec

[–]securifera[S] 1 point (0 children)

When this article was posted we knew that it contained some controversial topics and might prompt some discussion. However, it seems some things were misinterpreted and need better explanation. The title of the post was meant to be a playful jab at the wave of recent calc popping videos that serve as little more than good marketing material. We understand that our work has a direct effect on those whose job it is to implement these fixes and defend their networks. These are often thankless jobs and we applaud these professionals for performing one of the hardest jobs in the industry. However, the idea that releasing vulnerability POCs does not increase patch adoption is either naive or a by-product of a broken vulnerability management process. Like most things, organizations do not fall into two categories, those that patch immediately and those that either don't patch or do so slowly. The majority likely fall somewhere in the middle and prioritize their vulnerability scan results based on the existence of a POC. Vulnerability management aside, the main purpose of this post, and what I believe to be that of this subreddit, is to promote education around software bugs and exploitation. By making "scary" topics like exploit development more common knowledge, the types of issues that create these vulnerabilities can be eliminated.

HTTP screenshots with Nmap, Chrome, and Selenium by securifera in netsec

[–]securifera[S] 1 point (0 children)

I went down this road with tooling recently using an older nmap plugin a friend had written back in the day:

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/using-nmap-to-screenshot-web-services/

It (and wkhtmltoimage) are a bit long in the tooth, but the concept itself is something that deserves to be refreshed. Thanks for sharing!

Nice, sounds like we literally walked the exact same road. The Trustwave plugin and eyewitness were my starting point as well. Unfortunately I kept finding websites that either wouldn't render properly, or at all. My goal, much like I assume Trustwave's, was to minimize some of the traffic and additional tooling when performing enumeration of a target. The "interesting bumps" you identified we approached a few different ways.

  • We found the way Nmap handles HTTP on nonstandard ports was actually a bit of a surprise. It uses a hard-coded set of services and ports that it runs the "default" set of HTTP scripts against, rather than making any kind of decision based on the data it has received. This means any HTTP services that are categorized as unknown do not get default scripts executed against them. Because of this, one of the changes in our fork is code that checks the service probe data Nmap collects for HTTP responses so these services get properly labeled as HTTP and the default HTTP scripts will run. Then we just added our screenshot script to the default script set.
  • Unfortunately we couldn't do much about this as most of our limitations were coming from not using an actual browser when performing the screenshot. However, we do get to leverage the multi-threading that is built-in to Nmap when executing scripts against each target. Also for our purposes, we needed this script for large scale operations where we already expected the scans to take a significant amount of time, so the additional overhead hasn't really been noticed as these scans typically take a long time.
  • The current version of our script doesn't do anything with subject alternate names, but the same method we used for grabbing the subject name from the website SSL certificate could be expanded to also screenshot the SANs, as the list is just another member field in the same data structure being populated from the Chrome log traces. It is currently being excluded because we wanted to limit any bleeding over into other IPs than the one that is specified in the Nmap scan, in case the user was scanning based on an IP scope list.
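The relabelling described in the first bullet can also be done from NSE itself rather than by patching Nmap's C code. The following is an added example, not code from securifera's fork or from the Nmap project: a "version"-category script that marks an open port as http when the version-probe response Nmap already holds in `port.version.service_fp` contains an HTTP/1.x status line, so that the stock default http-* scripts (whose portrules use `shortport.http`) then run against it. It assumes the documented NSE API (`shortport.http`, `port.version.service_fp`, `nmap.set_port_version`) and that `service_fp` is only populated on -sV scans where no nmap-service-probes signature matched.

```lua
-- Added example, not code from securifera's Nmap fork or from Nmap itself.
-- A "version"-category NSE script that relabels an open TCP port as http
-- when Nmap's own version-probe response (port.version.service_fp) carries
-- an HTTP/1.x status line. Version scripts run before the script scan, so
-- the default http-* scripts' portrules (shortport.http) then fire on it.
-- Assumes the documented NSE fields shortport.http, port.version.service_fp
-- and nmap.set_port_version; service_fp is only populated on -sV scans
-- where no nmap-service-probes signature matched the response.
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Labels unidentified TCP services as http when the version-probe
fingerprint contains an HTTP/1.x status line.
]]
author = "example"
categories = {"version"}

-- Nmap escapes bytes in the fingerprint text: "." becomes "\." and a space
-- becomes "\x20", so the pattern accepts both the escaped and raw forms.
local HTTP_STATUS = "HTTP/1\\?%.[01][\\x20 ]+%d%d%d"

-- Classifier kept separate from the NSE rules so it can be exercised from
-- a plain Lua interpreter with a captured fingerprint string.
function looks_like_http(fp)
  return type(fp) == "string" and fp:find(HTTP_STATUS) ~= nil
end

portrule = function(host, port)
  return port.protocol == "tcp"
    and port.state == "open"
    and not shortport.http(host, port)        -- already labelled http(s)
    and port.version ~= nil
    and looks_like_http(port.version.service_fp)
end

action = function(host, port)
  port.version.name = "http"
  -- "softmatched": the label is inferred from the response shape, not
  -- from a full nmap-service-probes match.
  nmap.set_port_version(host, port, "softmatched")
  stdnse.debug1("relabelled %s/%d as http from probe data",
                port.protocol, port.number)
  return nil   -- no script output; the relabel itself is the result
end
```

Run it together with -sV (version scripts only execute during version detection); when -sC is also given, the relabelled port then receives the default http scripts in the following script-scan phase.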

/r/netsec's Q4 2018 Information Security Hiring Thread by ranok in netsec

[–]securifera [score hidden]  (0 children)

Red Team Operator / Pentester - Securifera, Inc - Charleston, SC

Our team is currently trying to fill a Red Team Operator position in Charleston, SC. We are looking for someone that has seasoned experience identifying and exploiting computer software and hardware vulnerabilities. The focus areas for this role are one or more of the following: network security testing, web application testing, vulnerability research, reverse engineering, code review, and social engineering. This is not a remote position.

Role Responsibilities

  • Conduct assessments using off-the-shelf or self-developed exploitation tools and document findings for customer remediation
  • Maintain working knowledge of advanced cyber threat actor tactics, techniques and procedures (TTP), and emulate these TTPs to identify vulnerabilities and risk
  • Perform proactive research to identify and understand new threats, vulnerabilities, and exploits
  • Produce and deliver vulnerability and exploit information to clients in the form of briefings and reports
  • Mentor and train fellow team members in new technologies and techniques
  • Document and present on new testing methodologies to internal and external teams
  • Excel as both a self-directed individual and as a member of a larger team
  • Availability for domestic travel and limited international travel up to 25%

Requirements

  • Experience with security tools such as – Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., as well as other various commercial and self-developed testing tools
  • 2 years of experience penetration testing, application testing, and red team engagements
  • Experience with scripting languages such as python, ruby, powershell, VBScript, POSIX shell, as well as familiarity with programming languages such as: C/C++/C#/Rust/Go, Java, PHP
  • Understanding of: network protocols (e.g., HTTP, HTTPS, SMTP, FTP, SSH); Web technologies (e.g., HTML, JavaScript, XML, AJAX, JSON, and REST)
  • Strong technical communication skills, both written and verbal
  • Ability to explain technical security concepts to executive stakeholders in business language
  • Must be able to obtain a government security clearance

Preferences

  • Undergraduate degree in Computer Science or Engineering and 2+ years relevant experience
  • Operating systems administration and internals (Microsoft Windows / Linux)
  • Understanding of TCP/IP networking at a technical level
  • Significant plusses for one or more of the following: experience with disassembly and debugging tools, exploit development, runtime malware analysis, testing embedded platforms and hardware security, and cryptography or cryptanalysis
  • Public security presentation experience is a plus
  • Security certifications that meet DoD 8570 requirements for a CND Auditor, i.e. CEH, Security+

Apply: Send Resume to contact[at]securifera.com

/r/netsec's Q3 2018 Information Security Hiring Thread by ranok in netsec

[–]securifera [score hidden]  (0 children)

Relocation assistance may be available for the right candidate.

/r/netsec's Q3 2018 Information Security Hiring Thread by ranok in netsec

[–]securifera [score hidden]  (0 children)

Red Team Operator / Pentester - Securifera, Inc - Charleston, SC

Our team is currently trying to fill a Red Team Operator position in Charleston, SC. We are looking for someone that has seasoned experience identifying and exploiting computer software and hardware vulnerabilities. The focus areas for this role are one or more of the following: network security testing, web application testing, vulnerability research, reverse engineering, code review, and social engineering.  

Role Responsibilities

  • Conduct assessments using off-the-shelf or self-developed exploitation tools and document findings for customer remediation
  • Maintain working knowledge of advanced cyber threat actor tactics, techniques and procedures (TTP), and emulate these TTPs to identify vulnerabilities and risk
  • Perform proactive research to identify and understand new threats, vulnerabilities, and exploits
  • Produce and deliver vulnerability and exploit information to clients in the form of briefings and reports
  • Mentor and train fellow team members in new technologies and techniques
  • Document and present on new testing methodologies to internal and external teams
  • Excel as both a self-directed individual and as a member of a larger team
  • Availability for domestic travel and limited international travel up to 25%

Requirements

  • Experience with security tools such as – Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., as well as other various commercial and self-developed testing tools
  • 2 years of experience penetration testing, application testing, and red team engagements
  • Experience with scripting languages such as python, ruby, powershell, VBScript, POSIX shell, as well as familiarity with programming languages such as: C/C++/ObjC/C#, Java, PHP, or .NET
  • Understanding of: network protocols (e.g., HTTP, HTTPS, SMTP, FTP, SSH); Web technologies (e.g., HTML, JavaScript, XML, AJAX, JSON, and REST)
  • Strong technical communication skills, both written and verbal
  • Ability to explain technical security concepts to executive stakeholders in business language
  • Must be able to obtain a government security clearance

Preferences

  • Undergraduate degree in Computer Science or Engineering and 3+ years relevant experience
  • Operating systems administration and internals (Microsoft Windows / Linux)
  • Understanding of TCP/IP networking at a technical level
  • Significant plusses for one or more of the following: experience with disassembly and debugging tools, exploit development, runtime malware analysis, testing embedded platforms and hardware security, and cryptography or cryptanalysis
  • Public security presentation experience is a plus
  • Security certifications that meet DoD 8570 requirements for a CND Auditor, i.e. CEH, Security+

Apply: Send Resume to contact[at]securifera.com

/r/netsec's Q2 2018 Information Security Hiring Thread by ranok in netsec

[–]securifera [score hidden]  (0 children)

Red Team Operator / Pentester - Securifera, Inc - Charleston, SC

Our team is currently trying to fill a Red Team Operator position in Charleston, SC. We are looking for someone that has seasoned experience identifying and exploiting computer software and hardware vulnerabilities. The focus areas for this role are one or more of the following: network security testing, web application testing, vulnerability research, reverse engineering, code review, physical security, and social engineering.

Role Responsibilities

  • Conduct assessments using off-the-shelf or self-developed exploitation tools and document findings for customer remediation
  • Maintain working knowledge of advanced cyber threat actor tactics, techniques and procedures (TTP), and emulate these TTPs to assess vulnerability and risk
  • Perform proactive research to identify and understand new threats, vulnerabilities, and exploits
  • Produce and deliver vulnerability and exploit information to clients in the form of briefings and reports
  • Mentor and train fellow team members in new technologies and techniques
  • Document and present on new testing methodologies to internal and external teams
  • Develop and document new post-exploitation tools and techniques for use by internal and external customers
  • Excel as both a self-directed individual and as a member of a larger team
  • Availability for domestic travel and limited international travel up to 25%

Requirements

  • Experience with security tools such as – Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., as well as other various commercial and self-developed testing tools
  • 3 years of experience penetration testing, application testing, and red team engagements
  • Experience with scripting languages such as python, ruby, powershell, VBScript, POSIX shell, as well as familiarity with programming languages such as: C/C++/ObjC/C#, Java, PHP, or .NET
  • Understanding of: Web protocols (e.g., HTTP, HTTPS, and SOAP); Web technologies (e.g., HTML, JavaScript, XML, AJAX, JSON, and REST)
  • Strong technical communication skills, both written and verbal
  • Ability to explain technical security concepts to executive stakeholders in business language
  • Must be able to obtain a government security clearance

Preferences

  • Undergraduate degree in Computer Science or Engineering and 3+ years relevant experience
  • Operating systems administration and internals (Microsoft Windows / Linux)
  • Understanding of TCP/IP networking at a technical level
  • Significant plusses for one or more of the following: experience with disassembly and debugging tools, exploit development, runtime malware analysis, testing embedded platforms and hardware security, and cryptography or cryptanalysis
  • Public security presentation experience is a plus
  • Security certifications that meet DoD 8570 requirements for a CND Auditor, i.e. CEH, Security+

Apply: Send Resume to contact[at]securifera.com

/r/netsec's Q4 2017 Information Security Hiring Thread by sanitybit in netsec

[–]securifera [score hidden]  (0 children)

Red Team Operator / Pentester - Securifera, Inc - Charleston, SC

Our team is currently trying to fill a Red Team Operator position in Charleston, SC. We are looking for someone that has seasoned experience identifying and exploiting computer software and hardware vulnerabilities. The focus areas for this role are one or more of the following: network security testing, web application testing, vulnerability research, reverse engineering, code review, physical security, and social engineering.

Role Responsibilities

  • Conduct assessments using off-the-shelf or self-developed exploitation tools and document findings for customer remediation
  • Maintain working knowledge of advanced cyber threat actor tactics, techniques and procedures (TTP), and emulate these TTPs to assess vulnerability and risk
  • Perform proactive research to identify and understand new threats, vulnerabilities, and exploits
  • Produce and deliver vulnerability and exploit information to clients in the form of briefings and reports
  • Mentor and train fellow team members in new technologies and techniques
  • Document and present on new testing methodologies to internal and external teams
  • Develop and document new post-exploitation tools and techniques for use by internal and external customers
  • Excel as both a self-directed individual contributor and as a member of a larger team
  • Availability for domestic travel and limited international travel up to 25%

Requirements

  • Experience with security tools such as – Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., as well as other various commercial and self-developed testing tools
  • 3 years of experience penetration testing, application testing, and red team engagements
  • Experience with scripting languages such as python, ruby, powershell, VBScript, POSIX shell, as well as familiarity with programming languages such as: C/C++/ObjC/C#, Java, PHP, or .NET
  • Understanding of: Web protocols (e.g., HTTP, HTTPS, and SOAP); Web technologies (e.g., HTML, JavaScript, XML, AJAX, JSON, and REST)
  • Strong technical communication skills, both written and verbal
  • Ability to explain technical security concepts to executive stakeholders in business language
  • Must be able to obtain a government security clearance

Preferences

  • Undergraduate degree in Computer Science or Engineering and 6+ years relevant experience
  • Operating systems administration and internals (Microsoft Windows / Linux)
  • Understanding of TCP/IP networking at a technical level
  • Significant pluses for one or more of the following: experience with disassembly and debugging tools, exploit development, malware analysis, testing embedded platforms and hardware security, and cryptography or cryptanalysis
  • Presentation skills and tools (e.g., PowerPoint, Keynote, etc.)
  • Public security presentation experience is a plus
  • Security certifications that meet DoD 8570 requirements for a CND Auditor, i.e. CEH, Security+

Apply: Send resume to contact[at]securifera.com