inotify on Shared Servers

We all have faced an issue at one point in our engineering adventures that we need to create a form of watchdog. We have to watch for a certain activity on a certain file or folder, before we perform a set of actions. Thankfully in Linux, there is a function called inotify, which allows you to […]

AS and BGP

Autonomous Systems The Internet (with a capital I) is a huge mesh of networks of networks. Within the networks are a more sub-networks, or IP addresses belonging to the network. An AS, or Autonomous System, is a collection of IP addresses that are logically grouped together to form a network. When one machine in one […]

DNS: Hunting Perspective

In a separate post, we talked about the possible different attack vectors of DNS. That post is not entire complete, and there are many more creative ways to use DNS as an attack vector. In this post however, we’re going to be looking at the more technical aspects of DNS, such as the protocols, byte […]

Flow

I’m half-way through the book Flow by Mihaly Csikszentmihalyi, and some of the concepts I read were mindset shifting. So even if I’ve yet to finish reading the book, I thought I would write a little about it to really solidify the concept Psychic Entropy Psychic entropy is the state where the mind is perturbed […]

HTB: Starting Point

Going to start some hackthebox to learn more stuff. While I have skills in the detection area, working with Netflow and DNS, I don’t have a strong offensive mindset. Perhaps that will be beneficial, thinking in terms of offense to develop a better defense. Set the ports to scan: ports=$(nmap -p- –min-rate=1000 -T4 10.10.10.27 | […]

Server Side Request Forgery

Server Side Request Forgery, or SSRF, is an attack where the attacker is able to make a request to an internal resource by pivoting through the server. By leveraging on the server to make a request to the internal resource, the request become seen as legitimate, because internal systems usually trust each other. SSRF through […]

XSS – Revisited

I’ve been doing this lessons by Pentesterlabs, and i’ve learnt a few new things there, which is always great! To be honestly, i’ve never had any proper training or course in terms of offensive cyber security, especially the web. My experiences have mostly been centered around the Linux kernel, which is pretty niche and narrow. In […]

Strengths Finder; And mine

First off, before I begin, I just want to say that I picked this book up for a steal of $5, where the original cost was somewhere around $30. I think I might visit book fairs more often, but the downside being that they don’t usually carry very good quality books, both in terms of […]

DNSSEC

In the previous post, we talked about some of the attack vectors on the DNS. In this post, we’re going to be talking about DNSSEC, which is an attempt to make the DNS more secure. A point to note, DNSSEC does not provide Confidentiality, but only Integrity. Integrity in this case is ensuring that the […]

DNS Attack Vectors

Before looking at DNS Attack Vectors, let’s do a quick recap of what a DNS is, and what are it’s functions. What is a DNS? DNS, or Domain Name System, is a server that provides Name to IP Address resolution. When people visit websites, it’s much easier for them to remember words, such as Facebook […]