Posts

DevSecOps Expeditions

During these lockdown times, when everyone is confined at home, it is a good time for all of us to upgrade our skills. I am a DevSecOps promoter and supported multiple organizations in implementing secure SDLC. I wanted to gain more depth in DevSecOps and was looking a good handon training. That's when I came across this training CDP - Certified DevSecOps Professional ( https://www.practical-devsecops.com/certified-devsecops-professional/ ). The course is beautifully designed to instill relevant concepts in the learner. The course has taken a practical approach to learning. Material is self-explanatory and the learner can take his own time to go through the videos and documents to learn at its own pace. There is a 30-day lab included which can be extended if required. Lab exercises can be practiced and if anywhere you are stuck trainer Imran ( https://twitter.com/secfigo ) himself helps you to get through the obstacles. The course helps to learn to design CICD pipelines using ...

Capturing the Naughty app Traffic in Burpsuit

Image
While performing the pen-testing of one of banking apps we came across challenge of capturing the traffic in the burp. App being naughty was bypassing burp proxy and we were not able to capture the requests/responses. Reversing the app we came to know it was built on  Xamarain. To proceed with the pentest it was important to capture the requests in the burp proxy. Then we came across following link (Big thanks for this): https://gist.github.com/gameFace22/3afedd1309960249fa7fcb1360e40fd3 And it did work ! Just for my notes keeping the steps. Step 1: Switch off the wifi of the macbook and connect it to your phone hotspot. Connect it either by using cable to by bluetooth. Not by wifi ! Step 2: Go to System preferences-->Sharing-->On the internet sharing. See the pic. The internet which macbook gets from hotspot is shared by macbook. Macbook will start it's own hotspot ! Step 3: Now some command need to run to tell the macbook to route the tra...

HackIM 2018 Walkthrough OSINT 1 to 4

Image
OSINT 1 The challenge was pretty clear. One of our systems has been infected by a ransomware.The message says My username is your password. Wait for further instructions. We have been able to identify the JS file used to download the ransomware. Here is the MD5: '151af957b92d1a210537be7b1061dca6'. Can you help us to unlock the machine? A quick search in virus total revealed that the md5 belongs to a malicious js file called as  DSAdaDSDA.js : Also the challenge says " My username is your password" After learning more about   DSAdaDSDA.js I came across this link: https://www.hybrid-analysis.com/sample/611f55dc3d7b88d8000aa54bb571752f9b14889d913805ae5824187c1cc73371?environmentId=100 And found the username there in the analysis of this js. The flag was : hackim18{' n923wUc'} OSINT 2 The challenge said : Annual audits have flagged an employee who is sharing data outside the company in some secret manner. A quick OS...

Cracking CISSP

Its been a long time that I wrote on this blog but recently I got CISSP certified and many of my friends wanted to know how to go about it so I decided to put it in this post. Honestly speaking I cracked this exam in 1.5 months of dedicated study. I have heard people taking lot more time for the preparation and then lot of videos/books/questionnaires to practice,  I found it easy to handle may be because of my experience with the Info-Sec industry(6+ years) and due to various roles(technical/Non Technical) and responsibilities I played in organization and a good preparation. CISSP exam supports the people with Information Security Managerial skills. It pokes your decision making abilities on various information security issues. So with lot of study covering all the syllabus along with Info-Sec common sense it the key to pass the exam. And ya not to forget good amount mock tests will certainly avoid the injuries during the test as sitting for six hours staring the monitor at th...

Facebook - Enumerating Phone Numbers

Image
As we discussed in the Last post that one can use his phone number to identify the account in case of forgetting password. Well this utility can be easily misused to harvest phone numbers. How ?? let me demonstrate: Attack Scenario: Step 1.  This Page URL:    https://www.facebook.com/login/identify?ctx=recover  asks for phone number in order to identify the user. Step 2. I captured the request in Burpsuite and then in to the intruder.  To perform the attack I Buteforced the numbers +91973914XXXX. The last 4 digits were bruteforced. +91 is country code for India. 9739 is the starting 4 digits for Vodafone numbers in Karnataka, India.  Ofcourse intruder makes it easy. As the result of the attack as screenshot shows there are 10000 attempts to be made. Step 3. Now have a close look to the content- length of the response. Content length like 7182 and 8044 are valid phone numbers. Content-length 6930 is for the attem...

Facebook: A Privacy Error ??

Image
If you want to identify your facebook account there are 3 ways you can Identify yourself: 1. Provide your e-mail ID. 2. Provide your Phone number (If you have given this in you profile). 3. Provide your user ID(your unique id assigned by the facebook). Screenshot below shows the page (https://www.facebook.com/login/identify?ctx=recover) to identify your account in case you want to recover. The other way to look into this is this can also be misused to validate someones phone number. Let say my phone number is 9739141XXX. I put it there and I see myself.So the phone number and profile relation can be seen successfully. But I have kept my privacy settings to most secure that "Only Friends"(shown in screenshot below) can look to my phone numbers. Isn't this is a privacy breach. But here is the catch.Facebook is smart and keeps the log of Public IPs you are coming from. If you have logged in from the same Public IP before this privacy se...