Cybersecurity information flow

A clean information-feed push tool, focused on the day-to-day happenings of the security community, helping security researchers discover quality content every day.


All nodes
Time Node
March 31, 2023 22:29 Stories by SAFARAS K A on Medi
- August 22, 2022
Let’s dive into it!
Dear Infosec,
I am excited to share with you my experience of discovering a security vulnerability in Google’s open-source software (OSS) last year. Imagine acquiring an acknowledgement from one of the biggest tech companies in the world for uncovering a security vulnerability in their open-source software. It was an exhilarating experience, but also one that taught me a lot about the importance of security research and the challenges that come with it.
In this blog post, I want to share my journey of hacking Google’s OSS, from the initial discovery to the reporting process and beyond. I hope that by sharing my experience, others will be inspired to pursue similar work and contribute to the ongoing effort to keep our digital world safe and secure.
Google Cloud Platform (GitHub) contains code samples used on cloud.google.com. Here’s the GitHub link. I decided to put my skills to the test by reviewing a Python repository (REDACTED) because it’s a language I’m acquainted with
March 31, 2023 22:29 Stories by SAFARAS K A on Medi
JSON Web Tokens (JWTs), sometimes pronounced “JOT,” are vital in securing access to your application’s resources by providing a compact, URL-safe way to represent claims between two parties. However, validating JWT tokens before processing them is essential to ensure the utmost security. In this article, we’ll explore the significance of validating JWT tokens, the need for solid algorithm signatures, checking for issuer, audience, and expiration, and the security consequences of using the evil ‘none’ algorithm.
The Importance of Validating JWT Tokens
Failing to validate JWT tokens may expose your application to various security vulnerabilities. A malicious user can tamper with the token’s content, impersonate other users, or even access unauthorized resources. By validating JWT tokens, you confirm that the claims within the token are trustworthy, the token hasn’t been tampered with, and the user has permission to access the requested resources.
Strong Algorithm Signing
Using strong algorithms ensures that tok
March 31, 2023 22:29 Stories by SAFARAS K A on Medi
In this article, I will be discussing XXE injection and SQL injection attacks that I did for picoCTF 2023
March 31, 2023 22:28 Stories by SAFARAS K A on Medi
5 actions to minimize damage of a dangerous iPhone security flaw that thieves are increasingly targeting
Photo illustration: Elena Scotti, Kenny Wassus; Wall Street Journal
The Wall Street Journal and several other news outlets have been recently reporting a phone theft scheme involving “shoulder surfing”, where thieves watch their victim type in their phone passcode, before stealing their phone. This phenomenon is on the rise, especially in cities such as NYC.
Normally, if your iPhone is stolen, you can log in to your iCloud account from a separate device to remotely erase the device. However, with the iPhone’s passcode in hand, a thief can use that passcode to reset your Apple ID password — logging you out of your account forever. After doing this, the thief has complete access to everything on your phone, and you have no way of stopping them. This method is being used to commit identity fraud, take money out of bank accounts, and more.
This extremely stressful situation happened recently to someone I met, an
March 31, 2023 22:28 Stories by SAFARAS K A on Medi
Ready for OWASP?
Web application security is a critical component of any online platform, yet many developers and organizations struggle to identify and address common vulnerabilities. In this tutorial, we’ll explore the OWASP Top 10 2021 — a list of the most critical security risks to web applications — and demonstrate hands-on examples of each vulnerability using TryHackMe’s OWASP Top 10 2021 Room. By the end of this tutorial, you’ll have a better understanding of how these vulnerabilities can be exploited, as well as practical strategies to prevent them from occurring in your own web applications.
Why Learn OWASP Top 10?
As a self-taught web developer, I never learned about secure coding practices in my courses or books. Some organizations view web security as a separate concern rather than as an integral part of the software development lifecycle (SDLC). Learning secure coding can only make you a stronger developer.
From a business standpoint, enforcing secure coding practices and proper threa
March 31, 2023 22:28 Stories by SAFARAS K A on Medi
SQLMap is an open-source tool that automatically finds and exploits SQL injection vulnerabilities. You can use it to test web applications for SQL injection and gain access to a vulnerable database.
For those who don’t know, SQL injection is a web hacking technique where the attacker inserts malicious code into an SQL statement.
Once the attacker takes control of the database, he can perform malicious SQL queries against the vulnerable website and can retrieve, edit or delete the tables.
These queries can be generated and executed automatically by SQLMap.
Install SQLMap
You can install SQLMap on Debian-based Linux systems using the following command:
apt install sqlmap
How to Use SQLMap
To use SQLMap, you need to identify a website that is vulnerable to SQL injection. In my case, I will use a website, which is intentionally vulnerable to web attacks.
http://testphp.vulnweb.com/showforum.asp?id=1
The simplest way to check if a website is vulnerable to SQL injection is to look for websites that end in “php?id=nu
March 31, 2023 22:28 Stories by SAFARAS K A on Medi
MD2PDF — TryHackMe Walkthrough Writeup
Hello Everyone! It’s been awhile since my last writeup. I’ve been focusing lately on CTFs more than bug bounty.
MD2PDF
MD2PDF (https://tryhackme.com/room/md2pdf) is an Easy CTF challenge that is very much beginner friendly.
Recon
MD2PDF stands for Markdown2PDF. The homepage offers a functionality which converts HTML markup to PDF format. This pretty much opens up the possibilities for XSSs or better, SSRFs (Server Side Request Forgery).
If an XSS/SSRF in the PDF generator is possible, we may use this to read private server files or send requests posing as the server.
Gobuster
There is an /admin directory, but it returns a 403 Forbidden error.
It says that the directory can only be accessed through localhost:5000
Exploitation
We must craft an <iframe> that frames the http://localhost:5000/admin directory.
<iframe src="http://localhost:5000/admin" height="1000" width="1000">
</iframe>
The generated pdf should show the /admin directory since the request came from server side,
March 31, 2023 22:25 Trustwave Blog
On March 29, a massive supply chain compromise in 3CX software resulted in malware being installed globally across multiple industries.
March 31, 2023 22:24 Darknet
The evolution of the internet has been rapid over the years and has impacted the privacy implications of Web 3.0 and Darknets, from Web 1.0 to Web 2.0, and now to Web 3.0. Web 3.0, also known as the decentralized web, is a network of interconnected and distributed systems that allow users to interact with […]
March 31, 2023 22:01 看雪论坛
Using FirmAE to emulate Zyxel router firmware in practice. 0x01. Introduction to FirmAE. FirmAE is a fully automated framework for performing emulation and vulnerability analysis. FirmAE uses five arbitration techniques to significantly improve the emulation success rate (from Firmadyne's 16.28% to 79.36%). FirmAE's ...
March 31, 2023 21:51 malware.news
When Twitter joined the ranks of tech companies whose source code leaked online, it was met with little surprise and a whole lot of unease over what the leak might mean for the platform’s security. “Unlike other recent source code leaks, it is concerning that Twitter has not released a statement to reiterate that it..
Article Link: Twitter Presses GitHub to Turn Over User Who Leaked Source Code - Security Boulevard
March 31, 2023 21:21 malware.news
In my last Diary[1], I briefly mentioned the need for a correctly set Content Security Policy and/or the obsolete[2] X-Frame-Options HTTP security headers (not just) in order to prevent phishing pages, which overlay a fake login prompt over a legitimate website, from functioning correctly. Or, to be more specific, to prevent them from dynamically loading a legitimate page in an iframe under the fake login prompt, since this makes such phishing websites look much less like a legitimate login page and thus much less effective.
Article Link: https://isc.sans.edu/diary/rss/29698
March 31, 2023 21:21 exploit-db
Textpattern 4.8.8 - Remote Code Execution (RCE) (Authenticated)
March 31, 2023 21:21 exploit-db
Bangresto 1.0 - SQL Injection
March 31, 2023 20:51 Github_POC
Microsoft Outlook Elevation of Privilege Vulnerability
[GitHub] A simple PoC for the CVE-2023-23397 vulnerability; the payload is delivered via email.
March 31, 2023 20:51 malware.news
Learn how to scale your cybersecurity program with automation, continuous monitoring, and powerful data insights.
Article Link: https://www.bitsight.com/blog/how-scale-cybersecurity-program-across-expanding-attack-surface
March 31, 2023 20:29 malware.news
Attacks on APIs continue to rise sharply. New findings from Salt Labs found a shocking 400% increase in unique API attackers in the last six months. Interestingly, the report also discovered that nearly 80% of attacks occur over authenticated endpoints. Gartner previously predicted that APIs would soon become the most frequent attack vector, and new..
Article Link: API Attacks Rise 400% in Last Six Months - Security Boulevard
March 31, 2023 20:21 exploit-db
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Unauthenticated Factory Reset
March 31, 2023 20:21 exploit-db
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution (RCE)
March 31, 2023 20:21 exploit-db
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Exploit
March 31, 2023 20:21 exploit-db
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authentication Bypass
March 31, 2023 20:21 exploit-db
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Denial Of Service (DoS)
March 31, 2023 20:21 exploit-db
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authorization Bypass (IDOR)
March 31, 2023 20:21 exploit-db
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Cross-Site Request Forgery
March 31, 2023 20:21 exploit-db
SOUND4 Server Service 4.1.102 - Local Privilege Escalation
March 31, 2023 20:21 exploit-db
Cacti v1.2.22 - Remote Command Execution (RCE)
March 31, 2023 20:21 exploit-db
Judging Management System v1.0 - Authentication Bypass
March 31, 2023 20:01 freebuf
Several security experts gathered to discuss enterprise open-source security and related governance solutions.
March 31, 2023 20:01 freebuf
On March 22, the FreeBuf Enterprise Security Club Beijing event was held at the DoubleTree by Hilton Beijing.