Skip to main content

Tag: Cybersecurity

Articles tagged with Cybersecurity
← Back to all tags

Cybersecurity Articles

Illustration of Let the framework guard your JWT internals - but who is guarding the framework?

Let the framework guard your JWT internals - but who is guarding the framework?

Marek Kaliszczyk

During a recent security assessment, we found a critical authentication bypass, which at the first glance looked like a classic Json Web Token (JWT) issue - no cryptographic signature verification and possibility to forge valid tokens as a result. A blackbox assessment would probably have called it a day and reported the issue as a lack of cryptographic signature verification, which would be a legitimate issue. However, since the assessment consisted of whitebox code review, it was possible to dive deeper into the application's logic.

READ article
Illustration of From SPI Sniffing to Keys: Extracting Clevis/BitLocker Secrets from TPM Traffic #HardwareHacking

From SPI Sniffing to Keys: Extracting Clevis/BitLocker Secrets from TPM Traffic #HardwareHacking

Mateusz Lewczak

In September 2024, a real-world penetration test was conducted to assess the security of a laptop using LUKS disk encryption on Linux, with Clevis facilitating automatic disk unlocking. The tested device relied on a TPM (Trusted Platform Module) to secure the decryption key used by Clevis. The focus of the test was to explore potential vulnerabilities to SPI Sniffing attacks.

READ article
Illustration of Symfony Profiler in Production – An Entry Point for Sensitive Data Leaks and Remote Code Execution

Symfony Profiler in Production – An Entry Point for Sensitive Data Leaks and Remote Code Execution

Jakub Żoczek

During a security audit, a web application using an outdated version of the Symfony framework was identified. The analysis revealed the presence of the Symfony Profiler tool, which is commonly used for debugging applications during development. The Profiler provides detailed information about the application's operation, which is useful for developers. However, in a production environment, its availability can lead to the disclosure of sensitive information and, in some cases, remote code execution on the server.

READ article
Illustration of Session Fixation: A „Hidden Threat” to Web Application Security

Session Fixation: A „Hidden Threat” to Web Application Security

Marcin Zięba

Session fixation is a security vulnerability that occurs when an attacker forces a legitimate user to utilize a predetermined session identifier (session ID). This allows the attacker to hijack the session and impersonate the victim once they authenticate with the web application. The vulnerability arises when an application fails to properly regenerate a new session ID upon user authentication, thereby continuing to use the preexisting session ID provided by the attacker. Common attack vectors include injecting the session ID through URL parameters, cookies, or hidden form fields.

READ article
Illustration of Exploiting the Password Reset Vulnerability: A Real-World Case Study.

Exploiting the Password Reset Vulnerability: A Real-World Case Study.

Securitum

Modern web applications need to prioritize user security. However, even well-designed systems can have hidden flaws that make them vulnerable to attacks. During a recent security test, a serious issue was found in the password reset feature of an application. This vulnerability made it possible for attackers to gain access to any user account, including the super administrators. Here's what went wrong and why it's such a big problem.

READ article
Illustration of Exploring Vulnerabilities in Mobile Applications: Key Exchange Protocol Hacking - Man-in-the-Middle and Brute-force in Action. Part 2 of 2.

Exploring Vulnerabilities in Mobile Applications: Key Exchange Protocol Hacking - Man-in-the-Middle and Brute-force in Action. Part 2 of 2.

Dariusz Tytko

In first part of this article, I described how do we analyze protocols during mobile applications testing. During this analysis, I noticed that the Diffie–Hellman protocol is used to exchange encryption keys. The protocol implementation was audited, and I discovered that it is prone to two attacks: Man-in-the-Middle and brute-force. Each of these attacks compromise the security of the protocol, allowing attackers to view and modify the data sent between the mobile applications and the servers.

READ article
Illustration of Exploring Vulnerabilities in Mobile Applications: Key Exchange Protocol Analysis and Toolkit Setup. Part 1 of 2.

Exploring Vulnerabilities in Mobile Applications: Key Exchange Protocol Analysis and Toolkit Setup. Part 1 of 2.

Dariusz Tytko

During one of latest pentests I tested mobile application. To perform analysis of the communication protocol and prepare a toolkit for testing network communication, the Android version of the application was used. Protocol analysis The protocol is implemented using C++ language, the implementation is included in the native library lib/arm64-v8a/lib[…].so. Wireshark, Frida (the instrumentation toolkit) and Ghidra (a software reverse engineering framework) were used to analyze the protocol.

READ article
Illustration of Memory Heist: The Secrets and Risks of Cold Boot Attacks

Memory Heist: The Secrets and Risks of Cold Boot Attacks

Mateusz Lewczak

A Cold Boot Attack is a technique designed to capture data directly from a computer's RAM, where critical and sensitive information is often stored. What kind of data? It could be almost anything: passwords, encryption keys, user login data, or even active sessions, which could provide attackers with extensive access to the system. In short, the attacker is after any information held in RAM during computer operation, and the Cold Boot Attack allows them to retrieve it.

READ article
Illustration of Accessing Internal Network by WiFi Hacking - 2024 Pentest Case

Accessing Internal Network by WiFi Hacking - 2024 Pentest Case

Aleksander Wojdyła

During the last penetration test, I performed an Evil Twin attack, which involves setting up a fake access point with the same name as the legitimate one. Due to improper configuration of endpoint devices (e.g., computers, phones, tablets), users could accept an incorrect (fake, generated by the auditor) certificate identifying the network. This led to a successful capture of the authentication segment of the communication. Subsequently, the auditor subjected the captured data to brute-force attacks, resulting in the retrieval of credentials.

READ article
Illustration of From SOQL Query to Data Breach - Lessons from a Real-World Pentest

From SOQL Query to Data Breach - Lessons from a Real-World Pentest

Adam Borczyk

During one of security audits of a web application, I uncovered an interesting vulnerability: the exposure of an endpoint that allows users to perform arbitrary Salesforce Object Query Language (SOQL) queries. Such functionality, when available to unauthorized users or misconfigured, poses significant security risk, especially if Row-Level Security (RLS) permissions are not properly set. In this article I will analyze technical aspects of this vulnerability, the potential risks, and steps to mitigate such issues.

READ article
Illustration of Bypassing Host Validation: Real Pentest Case of Sensitive Data Exposure

Bypassing Host Validation: Real Pentest Case of Sensitive Data Exposure

MATEUSZ Kowalczyk

During one of penetration tests, I discovered a vulnerability that allowed us to bypass a host whitelist, leading to the exposure of sensitive data. This behavior could let attackers to exfiltrate sensitive information, such as password reset tokens, to external hosts they control. The severity of this vulnerability is significant, as it opens up further attack vectors that could potentially compromise the application and its users.

READ article
Illustration of Hacking IBM AS/400 in 2024: QShell and Remote Code Execution

Hacking IBM AS/400 in 2024: QShell and Remote Code Execution

MATEUSZ Kowalczyk

A few months ago, one of our clients commissioned us to audit a customer service application that continued to use the IBM AS400 environment. These days, an emulator is needed to connect to this application. An AS/400 emulator is software designed to emulate the functionality of an AS/400 system on a different platform, such as a modern desktop or server computer. These emulators enable users to access and interact with AS/400 applications and resources without the need for physical AS/400 hardware.

READ article
Illustration of Heartbleed Vulnerability in 2024: A Fresh Case from Our Pentest

Heartbleed Vulnerability in 2024: A Fresh Case from Our Pentest

Paweł Różański

During a recent security audit, vulnerability known as The Heartbleed Bug was discovered on two publicly accessible servers. What is interesting it is a fact that this vulnerability was discovered 10 years ago! It allows an attacker to access data directly from the memory of vulnerable systems. In fact, it enables the extraction of sensitive information, including credentials, without any pre-existing access or authentication requirements.

READ article
Illustration of From low-privileged user to Remote Code Execution: step-by-step pentest journey

From low-privileged user to Remote Code Execution: step-by-step pentest journey

Adam Borczyk

In the world of web application security, some vulnerabilities are naturally less impactful than others. We often hear about direct, short, and simple attacks that can compromise an entire server or application. Sometimes, however, it is chaining multiple, less dangerous vulnerabilities that leads to serious consequences. Here we will go through a case from one of the pentests from a couple of weeks ago, where having a low-privileged user account allowed us first to read the application source code, then to escalate to admin, and finally to obtain remote code execution.

READ article
Illustration of How a simple vulnerability allowed proxying TCP traffic - real pentest case

How a simple vulnerability allowed proxying TCP traffic - real pentest case

Dariusz Tytko

During a penetration test for our client, it was discovered that the turn.example.com server, which is part of the tested application infrastructure, is vulnerable. This flaw allows for proxying TCP traffic through the server, enabling attacks on any host on the internet. Additionally, attackers could gain access to internal systems and their configurations, potentially compromising the entire infrastructure.

READ article
Illustration of Exploiting PDF generation vulnerability: a case study from real pentest

Exploiting PDF generation vulnerability: a case study from real pentest

SECURITUM

In a recent penetration test conducted by [Your Security Company], we identified a critical vulnerability within a web application that allowed unauthorized access to sensitive resources. This flaw permits an attacker to access both local server files and data on other servers within the same network. The vulnerability stems from improper handling of user-input data, presenting a severe security risk.

READ article
Illustration of Password reset flaw: when anyone can reset your password

Password reset flaw: when anyone can reset your password

Sebastian Jeż

During rigorous testing, security researchers uncovered a significant weakness in the password reset mechanisms used by numerous online platforms. By exploiting the seemingly harmless phone number field, an attacker can compromise a victim's account. The vulnerability lies in the mishandling of a four-digit code, which, instead of being sent solely to the owner's phone, is also included in the server's response. This oversight turns a seemingly harmless feature into a gateway for hackers to infiltrate users' digital lives.

READ article
Illustration of How a simple lack of SMS code verification can compromise financial security

How a simple lack of SMS code verification can compromise financial security

Securitum

During audits, it's crucial to check all possible attack vectors, even the seemingly obvious functionalities. This diligence led us to discover, during one of our web application audits, that the server does not verify the correctness of the SMS code used by applicants during the credit request process, either at the start or at the final document signing stage. In short: a credit application without any verification.

READ article
Illustration of Exploring DaaS Security: A Comprehensive Guide Based on Vulnerabilities Uncovered in Real Pentests - part 1

Exploring DaaS Security: A Comprehensive Guide Based on Vulnerabilities Uncovered in Real Pentests - part 1

Mateusz Lewczak

We're experiencing a real renaissance among desktop applications, thanks to cloud services that have added Desktop As A Service to their offerings. This service allows us to stream the image of a native application running on a cloud machine directly to our browser. We interact with it as we would with a normal application, except that, by design, we have limited access to the system. And that's our main goal as pentesters - to escape from the Matrix (application) into the system shell! In a conventional test of a desktop application, the focus is primarily on the application itself and its associated files. However, for applications running under DaaS, the audit extends to the entire runtime environment.

READ article
Illustration of Crashing servers with digits: floating-point numbers DoS vulnerabilities

Crashing servers with digits: floating-point numbers DoS vulnerabilities

Martin Matyja

A Denial-of-Service (DoS) attack is a malicious attempt to disrupt the normal functioning of a system or network, in this case – a web application. One sophisticated form of such an attack exploits vulnerabilities in the processing of floating-point numbers. In our scenario, attackers manipulate the system's handling of floating-point arithmetic, leading to inaccurate calculations and potential system failures. This method challenges the reliability of numerical computations and poses a serious threat to the stability and availability of targeted systems.

READ article
Illustration of Unicode's role in XSS vulnerabilities.

Unicode's role in XSS vulnerabilities.

jacek siwek

Web application security is a crucial concern in today's digital landscape. Cross-Site Scripting (XSS) attacks pose a significant threat to web applications, allowing attackers to inject malicious scripts into trusted websites. Request validation mechanisms are implemented to mitigate such attacks by blocking certain characters or patterns commonly associated with malicious code. However, recent discoveries suggest that there is a possibility of bypassing these validation mechanisms using Unicode characters, which could lead to successful XSS attacks.

READ article
Illustration of Insider threat - The average insider threat attack scenario. How attackers can take over an entire domain in a few steps. Part 2.

Insider threat - The average insider threat attack scenario. How attackers can take over an entire domain in a few steps. Part 2.

DOMINIK ANTOŃCZAK

Have you ever wondered how little it takes to take over an Active Directory domain? Have you considered using some exploit? Nah, using exploits is not a fancy way and can be easily detected, and if anything, that option remains as a last resort. As savvy "hackers", we possess the right knowledge to navigate the network smoothly without making noise. Sometimes it takes a few steps, and just as Neil Armstrong said, it's one small step for man…, but for us hackers, taking over one system is a small step towards taking over the entire network. In this scenario, I'll demonstrate how the ability to analyze acquired information, coupled with a few sublime actions, was sufficient to take over the entire domain of a company consisting of 500-1000 users.

READ article
Illustration of Server shutdown via GraphQL during real-life pentest

Server shutdown via GraphQL during real-life pentest

KAMIL JAROSIŃSKI

GraphQL is a query language and environment created by Facebook in 2012 and released publicly in 2015. However, it has only gained significant popularity among developers and organizations in the last few years. Why is it so popular? GraphQL serves as an alternative to traditional API protocols, like REST, offering a more flexible and efficient way for client-server communication. The emergence of new technology opens up new perspectives and solves some problems, but unfortunately, it also introduces threats. This is the case with GraphQL. If used without proper knowledge, it could potentially allow for a DoS (Denial of Service) attack.

READ article
Illustration of Better safe than sorry - The Imperative of Double-Checking Application Architecture Before Launch.

Better safe than sorry - The Imperative of Double-Checking Application Architecture Before Launch.

MICHAŁ ŻACZEK

Every application's journey from conception to release involves critical steps within the Software Security Development Life Cycle (SSDLC). Paramount among these is the Design Phase, where the application's architecture is conceptualized. This step is fundamental in determining the coding approach and necessitates careful consideration, especially from a security standpoint. Key aspects like data processing and storage need thorough examination.

READ article
Illustration of Artificial Intelligence-Assisted Fuzzing: New Horizons in Software Security Testing

Artificial Intelligence-Assisted Fuzzing: New Horizons in Software Security Testing

tomasz turba

Cybersecurity is evolving with every new technology, so penetration testers feel the need for more advanced methods and tools. One such emerging trend is Artificial Intelligence (AI)-assisted fuzzing, an approach that merges traditional fuzzing approaches with the innovative capabilities of AI. This article delves into the concept of fuzzing, its enhancement through AI, and the potential future directions of this synergy.

READ article
Illustration of Hacking the invisible: A deep dive into Sub-GHz communication and flaws in the devices we use every day

Hacking the invisible: A deep dive into Sub-GHz communication and flaws in the devices we use every day

MATEUSZ KOWALCZYK

In our modern world, remote control technology is an ever-present part of daily life. This includes everything from the key fobs in our pockets to the remote controls on our coffee tables. But what lies behind the magic of these devices? In this article, we delve into the world of Sub-GHz communication, a technology in remote control systems, particularly those used for controlling entrance gates or garage doors

READ article
Illustration of Beyond fingerprints: Discussing the challenges of behavioral biometrics security

Beyond fingerprints: Discussing the challenges of behavioral biometrics security

MATEUSZ LEWCZAK

Behavioral biometrics is an increasingly common element of the security of our bank accounts. It considers the way we type on a keyboard, move a mouse, use audio/video equipment, and even how we hold our phone. As it turns out, each of us performs these activities in a different way, and although these are small differences, with the use of Machine Learning, we are able to assess whether banking operations are performed by the account owner.

READ article
Illustration of Mobile Device Security in today's enterprise landscape: A comprehensive approach

Mobile Device Security in today's enterprise landscape: A comprehensive approach

Michał Wnękowicz

The evolving challenge at a time when mobile devices are commonplace in corporate environments, concerns about their security have increased. For both corporate and Bring Your Own Device (BYOD) devices, the challenge of maintaining strong security is significant. What's more, as mobile applications become more sophisticated, their potential security vulnerabilities are becoming a concern for cybersecurity teams.

READ article
Illustration of The risks of over-logging: a case study on application takeover

The risks of over-logging: a case study on application takeover

Securitum

Logs are often seen as a wall of text, filled with information that seems unimportant until a significant problem arises. Yet, have you ever thought about the security risks hidden within those walls of text, particularly when they include sensitive details like usernames and passwords? It's a common belief that only trustworthy individuals, such as administrators, access these logs, but not considering the potential security implications can be a dangerous oversight.

READ article
Illustration of Unveiling hidden data: a log file's security breach

Unveiling hidden data: a log file's security breach

ROBERT KRUCZEK

Unveiling hidden data during 2023 pentest: how a misplaced log file can compromise 2FA security. Conducting penetration tests requires the use of existing solutions that significantly facilitate the work. For web applications, it is valuable to recognize the structure of directories or find files of interest. For this purpose, we can use applications such as: ffuf, dirbuster, gobuster. During the discussed test, I used the ffuf tool with a basic dictionary available publicly: https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/common.txt

READ article
Illustration of Demystifying Prototype Pollution and its link to DOM XSS

Demystifying Prototype Pollution and its link to DOM XSS

Kalina Zielonka

JavaScript, the backbone of many web applications today, brings with it flexibility and potential. At the core of its architecture, every element we interact with is essentially an object, each with its own unique properties and methods. The Role of Prototypes in JavaScript Prototypes allow JS to share attributes or properties between different objects. Every object in JS has a prototype object associated with it, which gives that object its own properties. In other words, an object in JS inherits all the properties of its prototype.

READ article
Illustration of When Usernames Become Passwords: A Real-World Case Study of Weak Password Practices

When Usernames Become Passwords: A Real-World Case Study of Weak Password Practices

michał wnękowicz

In today's world, ensuring the security of our accounts is more crucial than ever. Just as keys protect the doors to our homes, passwords serve as the first line of defense for our data and assets. It's easy to assume that technical individuals, such as developers and IT professionals, always use strong, unique passwords to keep their accounts secure. However, this is not always the case; for example, ...

READ article
A professional cybersecurity consultant ready to assist with your inquiry.

Any questions?

Happy to get a call or email
and help!

Contact Us