Posts

Bad.Build Flaw in Google Cloud Build Raises Concerns of Privilege Escalation

On July 19, 2023, cybersecurity researchers disclosed a privilege escalation vulnerability in Google Cloud. Termed "Bad.Build," the flaw could allow malicious actors to tamper with application images and infect users, resulting in supply chain attacks. The vulnerability lies in the Google Cloud Build service and was identified and reported by cloud security firm Orca. By exploiting this flaw, attackers can impersonate the default Cloud Build service account, granting them the ability to manipulate images in the Google Artifact Registry and inject malicious code. Any applications built from these manipulated images could then be affected. The risk extends beyond the supplying organization's environment to its customers' environments, presenting a significant supply chain risk. Following responsible disclosure, Google issued a partial fix. However, the privilege escalation vector ha...

Zero-Day Attacks Exploited Critical Vulnerability in Citrix ADC and Gateway

On July 19, 2023, Citrix issued a warning about a critical security vulnerability affecting its NetScaler Application Delivery Controller (ADC) and Gateway products. The vulnerability, tracked as CVE-2023-3519 (CVSS score 9.8), is a code injection issue that is actively being exploited in the wild. The flaw allows unauthenticated remote code execution, posing a significant risk to affected systems. The impacted versions are: NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13; NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13; NetScaler ADC and NetScaler Gateway version 12.1 (currently end-of-life); NetScaler ADC 13.1-FIPS before 13.1-37.159; NetScaler ADC 12.1-FIPS before 12.1-55.297; and NetScaler ADC 12.1-NDcPP before 12.1-55.297. Citrix has not provided extensive details about the specific nature of the vulnerability associated with CVE-2023-3519. However, they have confirmed that exploits for this flaw have been detected on ...

Red Teaming - A comprehensive approach

Red teaming is a comprehensive and systematic approach to testing the security of an organization's systems, networks, and physical facilities. It is a proactive approach that helps organizations identify and mitigate potential security risks by simulating real-world attack scenarios. The objective of red teaming is to identify vulnerabilities, weaknesses, and gaps in an organization's security posture and to help the organization improve its defenses. Red teaming typically involves a team of experienced security professionals who are tasked with testing an organization's security. These professionals use a variety of techniques, tools, and methodologies to simulate different types of attacks, including social engineering, physical security breaches, network and application attacks, and other methods commonly used by threat actors. The goal of a red team is to replicate the tactics, techniques, and procedures of real-world attackers,...

SQLmap Automated SQL injection tool

SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities in web applications. It is written in Python and is available on Linux, Windows, and macOS. SQLMap is a powerful tool that security professionals, penetration testers, and ethical hackers use to identify and exploit SQL injection vulnerabilities in web applications. SQL injection is a type of security vulnerability that allows an attacker to manipulate a web application's SQL database by injecting malicious SQL statements into an entry field, such as a search field or a login form. This can lead to data theft, data manipulation, and even complete control of the web application and its underlying database. SQLMap works by applying a range of SQL injection techniques to the targeted web application's inputs to identify vulnerabilities. It supports a wide range of database management systems such as MySQL, Oracle, PostgreSQL, Microsoft SQL ...

Password spraying attack

A password spraying attack is a type of brute-force attack in which an attacker tries a single password against many usernames. The goal is to gain access to a target's account by guessing the correct password. Unlike traditional brute-force attacks, which try many passwords against a single username, password spraying inverts the pattern: one password, many usernames. Password spraying attacks are effective because many users choose weak passwords or reuse the same password across multiple accounts. Attackers can use tools to automate the process of trying a single password against multiple usernames, making it a relatively easy and low-risk attack to carry out. To execute a password spraying attack, an attacker first gathers a list of usernames, typically by scanning social media profiles, company directories, or other public sources. Once the attacker has a list of usernames, they will use a tool to automate the proces...

Lateral Movement

Lateral movement is a technique used by cyber attackers to move from an initially compromised system to other systems within a network. This technique allows attackers to traverse the network and gain access to sensitive data, systems, and resources. Lateral movement is a critical component of a successful cyber attack, and it is increasingly common among attackers. Lateral movement is possible because of the interconnected nature of modern networks. Once an attacker gains access to a single device or system, they can use that access to pivot to other systems within the network. Attackers often use tools like Remote Desktop Protocol (RDP), PowerShell, and command-line tools to move laterally. They may also exploit vulnerabilities in software or operating systems to escalate their privileges and gain greater access to the network. Lateral movement can take various forms, depending on the attacker's objectives and the network's topology. Some common techniques include: Pass-the...

OpenVAS Scanner - The Network Vulnerability scanner

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks' commercial vulnerability management solution, from which developments have been contributed to the open source community since 2009. In Kali, OpenVAS is not present by default, so it has to be installed manually. To install OpenVAS, open a terminal and enter:
apt install openvas
To open OpenVAS, go to Applications >> Vulnerability Analysis >> openvas start, then log in with your username and password. The default username is admin, and the default password is generated at the end of the installation. If you missed the password, reset it with the following command (substitute your desired password for admin123):
openvasmd --user=admin --new-password=admin123
After logging in, the dashboard will look like this...

Avet – Open Source Anti-Virus Evasion Tool

When we want to exploit a Windows target, we need a payload that is undetectable by antivirus solutions. Msfvenom on its own is not enough, so we need an AV evasion tool to make this easy for us. Avet is a tool for building exe files with shellcode payloads for antivirus evasion.
Installing Avet
First clone the repository to our machine:
git clone https://github.com/govolution/avet.git
After that, go inside the folder and run the setup file to install wine and the other missing components:
cd avet/
./setup.sh
Select create for a new installation.
Running Avet
Run avet by typing the command below:
python avet_fabric.py
There are two ways to run avet: either by compiling the make_avet script as shown below, or by running the avet_fabric.py scr...

Nikto - The powerful WEBSERVER Scanner

Nikto is an Open Source (GPL) web server scanner. It can perform comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, outdated versions of over 1250 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be updated automatically. Nikto is not a stealthy tool: it tests a web server in the quickest time possible, and its activity will show up in log files or trigger an IPS/IDS. Not every check is a security problem, though most are. Some items are "info only" checks that look for things that may not be a security flaw, but that the webmaster or security engineer may not know are present on the server. These items are usually marked appropr...