Category Archives: Uncategorized

Bypassing PHP Null Byte Injection protections


August 15, 2016

Overview

Null Byte Injection is a pretty old vulnerability. As an example, this post from 1996(!) describes the same problem affecting CGI scripts. Yet this vulnerability still bites now and then.

PHP suffered from this issue for quite a long time; it was not fixed until late December 2010, when the final fix was implemented in version 5.3.4.

All is not lost, though: there are some other tricks out there which allow you to overcome this fix and still exploit Local File Include (LFI) vulnerabilities. For this reason, we thought it would be beneficial for the community to come up with a CTF challenge followed by a write-up on the tricks, which are not widely spread on the Interwebs.

My friend and Securus Global co-worker Márcio challenged me to try the CTF challenge that he came up with recently. The challenge aims to present a not widely known technique used to bypass some common file upload restrictions imposed on PHP applications: restrictions that prevent unauthorized upload of files to the web server through the web application.

Here is the link to the challenge: http://198.199.84.56

I’ll spoil the fun a little bit and tempt you to try it out: The challenge is all about cute Pandas. ☺

Enjoy!

WE’RE HIRING: Penetration Testers


March 25, 2015

Securus Global is looking to expand its technical delivery team, so that as we grow, we can continue to deliver top-quality security assessments to our clients.

  • Location: Sydney or Melbourne CBD
  • Salary: Dependent upon experience.
  • Work Type: Full Time

ROLE PURPOSE:

The Penetration Tester is a hands-on technical role, primarily involving:

  • Performing penetration testing (web apps, networks, mobile apps, code reviews, you name it)
  • Reviewing other technical deliverables, such as penetration testing work and client reports
  • Presenting technical work to clients and explaining various security issues, and why they’re important, to both technical and non-technical audiences
  • Contributing to the development of internal tools and methodologies


CVE-2014-6271 (“Shellshock”) and exploit PoC


September 26, 2014

By Andy Yang

(A little bit of background on this post – one of my colleagues, Norman Yue, posted something about the Internet being on fire to LinkedIn yesterday, regarding the bash bug. This blog post tries to explain a bit more about why exactly this is such a big issue, and also provides a proof-of-concept exploitation).

Firstly, the vulnerability itself. The actual vulnerability itself is amusing and unique, but otherwise, isn’t the magical everything-is-owned vulnerability that everyone makes it out to be. To paraphrase, if you are able to set an environment variable through the Bash shell, you can execute commands.

The interesting part is that this vulnerability may have existed for more than 20 years, in an application which has been part of pretty much every Unix system for a long time. The vulnerable versions range from cpe:/a:gnu:bash:1.14.0 to cpe:/a:gnu:bash:4.3, which covers pretty much every Unix-based operating system available today (and by extension, a tremendous chunk of the Internet).

Achieving Comprehensive PCI DSS 3.0 Compliance


August 07, 2014

It’s not news that any entity that processes, transmits or stores account data, or can impact the security of the cardholder data environment, is required to be compliant with PCI DSS 3.0. However, the business benefits of the security framework — a more secure network, protection of corporate brand and reputation, reduced risk of successful data breaches and network attacks — can easily be overshadowed.

Tripwire (a long-time partner of Securus) combines the power of configuration control and deep file integrity monitoring (FIM) with comprehensive log and security information event management capabilities to help deliver continuous and unmatched PCI DSS compliance. The above white paper serves as a useful guide for security personnel who want to learn how Tripwire® Enterprise, Tripwire Log Center® and Tripwire IP360™ could assist in meeting PCI DSS requirements. Qualified Security Assessors (QSAs) might find this document useful as well, as it highlights the areas of the PCI DSS requirements that can be verified and met by those solutions.

Download whitepaper here: http://www.tripwire.com/register/pci-dss-compliance-with-tripwire-solutions-a-witham-pty-ltd-whitepaper/

July 2014 Newsletter


July 09, 2014

Includes the latest from the Securus Newsroom, Partner Updates, Community Engagement, Tech Talk, Career Ops and more.

View as PDF here: https://securusglobal.createsend.com/reports/viewCampaign.aspx?d=j&c=8529664D569F40FB&ID=C09E8E4AF5539137&temp=False

You can also subscribe to our newsletter: http://www.securusglobal.com/subscribe/

 

Penetration Testing in Australia

It is always interesting to look at the theoretical investment being made by companies in Australia. Based upon our experience, the assumptions made in a recent analysis by Nick Ellsmore are, in our opinion, realistic. Read full article here: http://www.dellingadvisory.com/blog/2013/4/5/penetration-testing-market-analysis-where-is-all-the-revenue

Should you be using this as your guide to your own strategy in regards to penetration testing? Well, that depends on your own circumstances, your risk tolerance assessed against those assets and the overall potential impact to you in case of a breach. (Related to your risk assessment and that risk tolerance level).

Setting aside the financial aspect of penetration testing costs across the board, a key factor for consideration, based on Securus Global’s own 10+ years of experience in this market, is that 95% of web applications we test for the first time have major to critical vulnerabilities in them. If even only 50% of those applications were already in production before we tested them (the actual figure is higher), that equates to an alarming number of websites in Australia (and globally, given that those statistics do not differ for our international clients) being insecure and open to compromise, if they haven’t been compromised already.

It’s clear that a great many Australian businesses do not have an effective security assurance program in place. With cyber crime on the rise and media reporting of breaches increasing exponentially, it doesn’t present a confident picture of cyber security in Australia, nor globally.

Hiring – Penetration Testers


April 03, 2014

Penetration Tester Roles

LOCATION:  Sydney, Melbourne

Securus Global is a small, dynamic organisation that requires each and every person to step up to the plate. We have a strong reputation for excellence in delivery and expect quality in all we do. You will not be able to get lost in the crowd here and you will have opportunities for growth that are only limited by yourself.

JOB DESCRIPTION:
Securus Global is currently looking for an experienced web application penetration tester to join our team in Sydney or Melbourne. This is a challenging and varied role with predominantly project-based, hands-on engagements that include, but are not limited to:

  • Web application penetration testing
  • Network vulnerability assessment
  • Application source code review
  • Application reverse engineering

Case study: Securing the Technology Change Agenda.


March 21, 2014

Understanding and managing the security risk of technology change initiatives.

ABSTRACT:
Businesses are increasingly seeking to leverage new technologies such as mobile and cloud to enable strategic initiatives, realise business efficiencies, support a flexible, productive workforce and facilitate innovation.

Although these initiatives provide many business benefits, the rapidly evolving technology landscape can also introduce significant security risks that threaten the confidentiality, integrity or availability of sensitive corporate information. In the modern, connected age such compromises can have a significant negative impact to corporate reputation and business performance.

Understanding, identifying and mitigating the security risks inherent in the use of such technology is necessary to allow businesses to realise the benefits of investment in new technology initiatives while maintaining their desired security posture.

Download here: Case Study Securing the Technology Change Agenda

Case study: Security Pitfalls of a Shared Portal.

Lessons learned from a custom portal development project.

ABSTRACT:
This paper sets out to examine the lessons learned from a client who commissioned a custom web portal to be developed. During our security assessment, we found a number of significant security vulnerabilities which lead to data theft, account takeover and system compromise.

The security pitfalls which lead to the compromises will be outlined along with the recommendations and strategies for avoiding these issues within your own projects.

Download here: Case Study – Client Portal

The Anatomy of a Security Breach.


January 16, 2014

Securus Global’s approach to minimising your risks…

By now, you have probably read about the Target security breach: (Nothing new… this happens all the time).
http://www.marketwatch.com/story/traffic-at-target-stores-down-after-data-breach-2013-12-22-174855718?reflink=MW_news_stmp
http://www.usatoday.com/story/money/business/2013/12/22/target-breach-suits-and-investigations/4167977/

At Securus Global, we are frequently asked by our clients how hackers compromise companies and in turn, what can be done to minimise the risk of it happening to their own organisation.

By hiring the likes of Securus Global to test your systems in testing, pre-production and/or post-production, we’ll be able to highlight any potential exposures you have and issue advice on how to fix them and ways to make you more resistant to such breaches altogether.

Better yet, we would rather help you reach a position where your risks are identified beforehand, or even not there in the first place.

This is why, in early 2014, we’re offering client workshops to explain the anatomy of such attacks and how the hackers are obtaining this information from your companies.

These are 1-2 hour informal sessions (no cost), where we talk about what we have seen in the last 10 years, how the attacks are planned and take place but, most importantly, what you can do to minimise the chances of this happening to your company.

Dumping Windows Credentials


December 20, 2013

By Sebastien Macke, @lanjelot

Introduction

During penetration testing engagements, we often find ourselves on Windows systems, looking for account credentials. The purpose of this post is to walk through some techniques to gather credentials from Windows systems while being as non-intrusive as possible.

The core principles behind the techniques described in this post are:

  • Safety – Avoid causing any downtime, by using tools and techniques which are known to be safe, and will not render a system unstable.
  • Stealthiness – Avoid detection by staying away from tools and techniques that will trigger alerts. Refrain from uploading binaries, turning off the anti-virus, generating suspicious event logs etc.
  • Efficiency – While Bernardo’s blog attempts to cover many of the tools and techniques available for dumping credentials from a Windows host, this post focuses on the most practical way to get the job done.