Haifei Li’s Post

Hello Everyone, I know it’s been a while. I have been building up my pentesting skills and solving a lot of CTFs and Vulnerable labs. I’ve also been trying to focus on the OWASP® Foundation top ten vulnerabilities and understanding them not just by theory but how the can be implemented in exploiting systems.  I solved a business logic vulnerability lab that has a broken access control flaws while learning how IDOR (Insecure Direct Object Reference) can be exploited  https://lnkd.in/d2yEZ-CD

Today, I will share with you my methodology for uncovering CSRF (Cross-Site Request Forgery) vulnerabilities during penetration testing. First , let's embark on the journey of mapping the application. But what does mapping entail, you ask? It's about meticulously identifying every instance where the web application interacts with the underlying operating system. When visiting the URL of the application, walk through all the pages. Make note of all the input vectors that potentially communicate with the backend. Understand how the application functions. Try to figure out the logic of the application. And while you're doing all of that, I have my Burp Proxy silently listening and intercepting all the requests." Next, review all key functionalities within the application. Pay close attention to functions that satisfy three vital conditions: they must involve a -relevant action -employ cookie-based session handling -possess no unpredictable request parameters. peace!

"libwebp" might sound like an obscure, MAGA inspired insult but it's actually kind of a big deal... In short, it's an image processing library and will be used to some extent across most methods of viewing images online. The recently discovered CVE-20232-4863, which exists within the libwebp image library has the POTENTIAL to allow an attacker to create an image with a malicious payload, which IF viewed by a system with the vulnerable version of libwebp COULD compromise your device. If there’s an update with a security patch for WebP handling for your application, grab it like you're Grandpa Joe and its a golden ticket... For a full breakdown, see the link in the comments.

𝗦𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗺𝗲𝗰𝗵𝗮𝗻𝗶𝘀𝗺 𝗼𝗳 𝘁𝗵𝗲 𝘄𝗲𝗲𝗸. Obfuscation is the "art" of hiding how a program works by making the original code significantly more complex then it actually is. Depending on the obfuscator, this can make it significantly harder for a hacker to reverse engineer the application and learn its secrets. There are many ways to obfuscate programs, but one we particularly like is M/o/Vfuscator2 (we do 𝗡𝗢𝗧 suggest you to use this in production). It abuses the "mov" instruction to translate any arbitrary assembly instruction into a sequence of "mov" instructions. If you are interested have a look at the README page on https://lnkd.in/d6xBbC6. You will find more information including a nice presentation on how it works!

I had suspicions this was happening, and now we know for sure - "researchers" are using LLMs to help find vulnerabilities, and they're not necessarily doing this very well. Someone used an LLM to generate a vulnerability entry they filed in HackerOne against curl, and it's a doozy. They asked Bard to look at a certain code signature and it hallucinated something completely incorrect that doesn't even compile, then sent it to the maintainers of curl as if it were a high severity CVE. These types of bogus reports need to stop, they're just another DOS on maintainers who now have even more junk to sift through as they go about their days. Every vulnerability disclosure program is already swamped with low-quality reports by folks looking to collect a bug bounty, LLMs are going to turbo charge this. #cve #vulnerabilitymanagement #opensource #llm #ai https://lnkd.in/eDQbGipA

🚨 Stay informed! A critical security update is available for node-qpdf. CVE-2023-26155 highlights a Command Injection vulnerability that affects certain versions of the package. #cybersecurityawareness #cybersecuritynews #bughunting #hacking

🛡️Node-qpdf Vulnerability Alert: CVE-2023-26155🛡️ 🔒 Be aware of the security risk in node-qpdf, a content-preserving PDF manipulation tool wrapped around QPDF. Affected versions of this package are susceptible to Command Injection, allowing malicious actors to exploit the package's 'encrypt()' method, leading to unsanitized input that can execute sensitive commands. PoC : qpdf.encrypt('test.pdf ||touch rce||', options); // a file named rce will be created

This is something we need to approach. While we want to get all vulnerabilities and keep an open flow, putting a lot of burden on the maintainers of Open Source to handle bogus issues is not a way forward. The combination of LLMs and bug bounties seems to be a problematic issue. #CVE #CURL #CYBERSECURITY #SBOM

I've just completed the HackTheBox module: File Upload Attacks In this module I learned how to check what file type you can upload, and using this to send over a shell using a proxy to change the file type and content-type from the header. https://lnkd.in/egthjTbq

Catching up on TryHackMe AOC2023! 🎅🎅🎅 Quick summary of Days 4, 5, & 6. [Day 4] Brute-forcing Baby, it's CeWLd outside 👉 We used cewl to spider the target website and generate a brute forcing wordlist based on the site’s content. 👉 We also used cewl to generate a list of possible employee usernames from the company site. 👉 Next we used wfuzz with our wordlist and username list from cewl to brute force the target login portal. [Day 5] Reverse engineering A Christmas DOScovery: Tapes of Yule-tide Past 👉 We learned the DOS operating system, and used it to change the magic bytes in a file to allow us to restore a backup. [Day 6] Memory corruption Memories of Christmas Past 👉 We learned about memory corruption vulnerabilities and exploited a buffer overflow vulnerability to beat a browser game written in C++. #tryhackme #offensivesecurity #penetrationtesting #webapplicationsecurity #cybersecurityanalyst