Revisiting an Old Friend: Shell Globbing
One interesting observation we make when testing complex environments is that at the bottom of huge technology stacks, there is usually a handful of shell scripts doing interesting stuff. More often than not these helper scripts are started as part of cron jobs running as root and perform basic administrative tasks like compressing and copying log files or deleting leftover files in temporary directories. Of course, these high privileges make them an interesting target for privilege escalation attacks and one class of vulnerability we reliably encounter in shell scripts is unsafe handling of globbing or filename expansions.
IPv6 Hardening Guide for Windows Servers
After we recently released the “Linux IPv6 Hardening Guide” we got a number of suggestions “could you pls provide a similar document for $OS?” (btw: thanks to you all for the overwhelming interest in the Linux document and the active discussion of ip6tables rule approaches on the ipv6hackers mailing list).
Troopers15 – Third Round of Talks Selected
As we promised some days ago here’s the third round of Troopers15 speakers (first one here, second here). It’s going to be awesome!
Getting 20k Inline-QR-Codes out of Burp
Lately we had to analyze QR-Codes in a pentest. Those held some random data which was used as a token for login and we wanted to know if that data was really random.
IPv6 Hardening Guide for Linux Servers
We were recently approached by a customer asking us for support along the lines of “do you have any recommendations as for strict hardening of IPv6 parameters on Linux systems?”. It turned out that the systems in question process quite sensitive data and are located in certain, not too big network segments with very high security requirements.
Penetration Testing Tools that (do not) Support IPv6
We just released a white paper authored by Antonios Atlasis that provides an overview of which pentesting tools currently support IPv6 and how to (still) use them if that’s not the case. It can be found in our newsletter section.
Best
Enno
Troopers15 – Second Round of Talks Selected
As we promised some days ago when we published the first round, here we go with the second:
Security Implications of Using IPv6 GUAs Only
When planning for IPv6 addressing, many organizations – rightfully & wisely – decide to go with global unicast addresses (GUAs) only (hence not to use unique local addresses/ULAs as of RFC 4193 at all), in order to avoid address selection hell or just for simplicity & consistency reasons. This post discusses security implications and complementary security controls of such an approach.
IPv6 in RFIs/Tendering Processes
In one of our customer environments each vendor offering an IT product/solution is asked to fill out a questionnaire collecting information on a number of technical parameters with regard to their product[s]. We were recently asked to come up with a proposal of 8 to 10 IPv6-related questions to be added to the questionnaire/process. Here’s what we suggested:
MLD Considered Harmful?
This is a guest post from Antonios Atlasis.
On Thursday the 20th Enno, Jayson and I had the pleasure to present our latest research results regarding MLD at Deepsec 2014, both from vendors’ implementation perspective as well as regarding protocol design flaws (some preliminary results as well as our testing methodology were discussed here and here).
To refresh our memory, in a nutshell, the purpose of MLD, a subprotocol of IPv6, is to inform routers about the presence of nodes which are interested in receiving specific multicast traffic (RFC 2710). The newer version of MLD, MLDv2, adds the ability for source address selection (RFC 3810).