Posts for year: 2015

Intrusion Discovery on Linux

December 1 / 2015
SANS institute introduced intrusion discovery cheat sheet for system administrators. The cheat sheet suggests often used commands to find any clue of system compromise. I will cover those commands here and I hope it can help you while following the cheat sheet. Unusual processes and services 1. List all processes and spot for unfamiliar one or the one that owns…

CSRF Redirector

December 1 / 2015
Yes, this is Cross-Site Request Forgery Redirector. If you are a fan of PHP, I am quite certain that you have heard of Chris Shiflett. He presented a CSRF Redirector. The idea is to re-route the GET request from one place to the POST request of another place which is the target site. As Chris has turned off this service,…

Smashing Flash Applications

December 1 / 2015
Episode. 0X00 When we perform penetration testing against web applications, Flash embedded objects are in our scope. Even the stakeholder did not refer it in details, it is an interesting target. More importantly, if the business logic depends on Flash object, the whole target could be defeated. If I have enough time, I will be back, and describe what I…

Being a good and great penetration tester

December 1 / 2015
Nothing to be written and said, but only the reference to these stuffs which exemplify how to be a good and great penetration tester. RSA Flash Talk: Top 5 Reasons It’s GREAT To Be a Pen Tester Mamma’s Don’t Let Your Babies. Grow Up to Be Pen Testers Adaptive Penetration Testing Secrets of America’s. Top Pen Testers – Recommended!! Go…

A quick look on ASP.NET viewstate

December 1 / 2015
Viewstate is a cool mechanism in ASP.NET platform to maintain information supplied from the client-side. Every input will be submitted to the server with POST method by default. Some HTML input objects will contain javascript function calling back to the server as it is shown below. 00 01 function __doPostBack(eventTarget, eventArgument) { 02 if (!theForm.onsubmit || (theForm.onsubmit() != false)) {…