I just sat through a webinar by the folks at Red Canary, and they covered some questions regarding threat detection using the MITRE ATT&CK framework. The webinar sat down with the researchers who created MITRE, and it was quite insightful. Here are some of the notes I took that may be useful for present and […]
If we look at source codes of HTML forms, we typically can spot this field being rendered on the webpage Sometimes it doesn’t have the name called CSRF Token, and it just appears as a random gibberish value being loaded. This post breaks down the purpose of the token, and what happens behind the scenes […]
Terminologies Ping: An command to discover the availability of a target machine. It sends an ICMP Echo Request, and waits for an Echo Reply TTL: Time-To-Live, which tells the network routers how long the packet should live. For each router that passes the packet on, the TTL reduces by 1. Once TTL reaches 0, the […]
Hardening means to make the something more secure and resilient to attacks. When people talk about hardening, they usually talk about server hardening, which includes things like IP / MAC address white listing Closing unused ports Uninstalling unused systems Disabling root login (no one can login as root, only a normal user who can sudo) […]
Earlier this week, I wrote a post on DNS tunneling, and how to pass information over the web through the DNS protocol by stuffing information in the DNS Name Resolution process. In this post, we’re going to look at how to setup and host your own DNS server. And because you’re hosting it, you can […]
Secure Boot is a verification mechanism to ensure that code launched by the firmware is trusted. It ensures that all system level drivers are signed and trusted. Before we talk about secure boot and how it works, we need to have some understand of UEFI (Unified Extensible Firmware Interface) Overview of BIOS and UEFI Both […]
Not Computer Generated Imagery, but cgi pages you see when you visit webpages. CGI stands for Common Gateway Interface, and it acts as the Controller in the MVC framework. To give a complete picture, in a web application, the Model is the database, the View is the front-end HTML/CSS, and the Controller is the logic […]
C2 Communication and Disruption When a machine gets infected by a malware, it can start receiving command from it’s C2 server to perform unwanted activities. Examples of this are a machines infected with botnets or ransomware, where the C2 server will send commands down to the victim machine, and the machines can send replies back. […]
I decided to revisit some fundamental security concepts again, and one of which I used in my previous employment was Process Injection. Process Injection is a technique of running your own code within the address space of another process. The hard part is getting your code in that address space, but there are numerous ways […]
During my course of security research work, I came across this concept of web beacons, which is a clever way of knowing who has opened up a document. A Web Beacon is an element inside the document, that is not a saved resource. Rather, the element sends a request out to a server to retrieve […]
