A blog post about some post exploitation scenarios with MySQL, MSSQL, PostgreSQL and Oracle that use SQL Injection to make network requests resulting in Server Side Request Forgery/Cross Site Port Attacks.| i break software - My work with different software, bug hunting and interesti...
Slides of my talk on using mis-configurations, overtly permissive IAM policies and application security vulnerabilities to get shells in AWS EC2 instances and go beyond the plane of attack. Presented at OWASP Bay Area August 2019 meetup.
A quick blog post to show how I move files between a remote desktop connected machine and my local Linux host via a Windows virtual machine and a SOCKS proxy.
Slides of my talk on the versatility of JavaScript, presented at JSFoo Coimbatore 2019.
A step by step guide to detecting and exploiting a Blind SQL Injection using Burp Suite Intruder.
A blog post that shows a practical approach to setting up malware to run on Windows using the Linux subsystem and Wine to avoid detection.
Enabling the ability to use psexec over the network when credentials are available by toggling a value in the Windows registry.
Small piece of code written in .NET to create a binary that when run will mute the speaker. Uses Windows API (SendMessage).
Creating an auto-submit (body onload) form when an input button called submit exists. Very common CSRF exploit PoC.
A quick video post showing the XSPA/SSRF bug found with Yahoo! Developer Network. This bug allowed for network port scanning and banner grabbing.
A quick video post showing the XSPA/SSRF bug found with Adobe’s Omniture web application. This bug allowed for local file reads apart from being able to make arbitrary network requests.
This is the second post in the 3-part series that explains XSPA, the attacks and possible countermeasures.
Cross Site Port Attack (XSPA) is a vulnerability that allows attackers to fetch the status of TCP ports (and grab service banners) over the Internet or internal systems by abusing a feature in web applications that makes HTTP requests using attacker-supplied URLs.
Writeup of the Capture the Flag event at c0c0n 2011.
Multiple XSS and CSRF issues in Apache Archiva version 1.3.4. Disclosure blog post.
Simple VBScript using XMLHTTP to fetch usernames from a WordPress installation using the ?author= redirect feature.
Multiple XSS reported to Joomla! CMS. CVE-2010-1649 assigned.
A malware that used NTFS Alternate Data Streams and Windows services to send spam on the Internet.
A malware infection, Sysinternals’ Process Explorer and lots of amateurish hunting around!
A quick blog post to investigate what instance-identity security credentials are that can be generated using the metadata instance on every EC2 instance in AWS, even when no role is attached to the instance.
A simple UAC bypass to launch programs using the Device Manager on Windows 10. Requires access to GUI. Limited usage but fun conceptually.
An example proof of concept to show bad programming practice in Node.js that allows for user-supplied data to be executed on the server.
A real-world example of how an XSS in the administration portal of a WordPress instance can lead to an RCE by uploading a webshell using the XSS.
A simple Python script that can be used to brute force the password of a password-protected PDF file.
A reusable function that can be used to obtain the username given a Process ID on Windows. Code is in VB.NET.
A simple client-server Proof of Concept to show how WebSockets can be used to transfer and execute commands.
The first XSPA/SSRF bug that led to the discovery of this issue in other applications and eventually a paper that was presented at multiple conferences.
Bug writeup for a CSRF vulnerability in Twitter that allowed an attacker to trick a user into deleting the address book remotely.
This is the third post in the 3-part series that explains XSPA, the attacks and possible countermeasures. In this post we will see other interesting attacks and also see how developers can prevent XSPA or limit the attack surface itself.