Tag: security

  • Security Unit Tests

    One of the reasons security is a challenge in software companies is that we, as security engineers, fail to meet developers where they live. Security tools and processes (pentests) typically produce a human-readable report, or at best a standardized file format (SARIF, etc.). During technical security reviews, teams often file…

  • Cross domain cookie contamination

    TL;DR: an XSS on one host can be used to set cookies for sibling subdomains that share the same parent (registrable) domain, which widens the impact of the XSS. In a cloud world, several applications are hosted under the same parent domain. An organization can have hostnames such as: company.com: corporate landing page mail.company.com: webmail intranet.company.com: internal…

  • The revival of (cross site) script kiddies.

    First off, a Happy 2019! Being in charge of adjudicating Microsoft’s Cloud Bug Bounty, we see many “low-hanging fruit” XSS bugs coming through. While we have tools that catch these bugs, sometimes they slip through the cracks. Also, since machines won’t find every.single.bug.ever, we pay out for interesting bugs, and bump up payouts for…

  • Post exploitation tools: Lazagne

    Often, after compromising a machine, red teams and adversaries search for certificates or credentials to hop to other machines, a step commonly referred to as “lateral movement”. When doing so, many use Mimikatz, a tool that extracts credentials, PINs and Kerberos tickets from memory. There are countless blog articles about how to detect it,…

  • KeyWalking: pattern based passwords

    TL;DR: download the script here. In security audits, when we get a password file we usually grab it for offline cracking, even though we may already have admin or root access on the target, just to see whether there are any passwords users re-use, which would give us access to other systems.…

  • But the camera rocks

    On my way home from a merely thought-inspiring movie, I passed by a few girls sharing a cigarette on your typical San Francisco cafe’s terrace. One of them was showing her (?) phone to the other, who told her friend “…but the camera rocks”. It made me, continuing the movie’s aftermath, realize how we’ve given…

  • Phone numbers as default eLife WiFi keys

    The UAE’s internet is pretty much provided by two ISPs, Etisalat and Du, who provide broadband services to their customers. Focusing on the larger of the two, Etisalat, they offer an eLife program that delivers triple-play services into the homes of their customer base, which includes a WiFi network. The problem though is that…

  • keyspace limitations

    I can’t really say which website this is, but it’s a Middle Eastern telecommunications company. A maximum 8-character password, in 2012, really? But then again, in a confirmation email I noticed that these guys store the password in cleartext. Is disk space really so expensive that we have to make it a VARCHAR(8)? I know these…

  • JQlog: JQuery Keylogger, or why not to trust your proxy admin.

    Note that this post is for awareness and educational purposes only. I do not encourage, and cannot be held responsible for, malicious actions using these tools. The Internet, as it is today, is a mash-up of JavaScript-enabled services, often included from external websites. Internet companies offer so-called widgets, which are JavaScript tools that can…

  • Dubai Credit Card Fraudsters arrested

    Dubai Police arrested a gang of Arab men who stole over 200 million dirhams using credit cards for online shopping, Gulf News reported. Police were tipped off about the group in August and have now caught most of them (one of the four is out of the country).