Blog Posts

Nagios Core 4.4.5 – URL Injection (CVE-2020-13977)

I. OVERVIEW
Discoverer: Aishee – UraSec Team
Vendor & Product: Nagios Core
Version: Nagios Core 4.4.5
CVE Reference: CVE-2020-13977

II. ABOUT NAGIOS CORE
Nagios is a free and open-source software application that monitors systems, networks and infrastructure. Nagios offers monitoring and alerting services for servers, switches, applications and services. It alerts users when things go wrong and alerts them a second time when the problem has been resolved.

III. VULNERABILITY DETAILS
Location: Alert Histogram and Trends function.
I could insert malicious files in the Alert Histogram and Trends function, only need setup

Minimize false positives for WAF

“You can’t rely on anyone these days, you gotta do everything yourself.” – The Joker!

I haven’t written in a while. Now I have some time to share some of my old experiences.

Start
We often use a WAF to protect websites, but while using one you will certainly encounter many cases where it mistakenly blocks non-malicious requests. That makes us uncomfortable, or it takes a lot of effort to find the cause, probably because we have not optimized

[FUN] Bypass XSS Detection WAF

Basically, sad life like dog bite, a scary world. Sorry for my English. A little simple knowledge for everyone. This article focuses on bypassing a WAF’s ability to detect Cross Site Scripting (XSS). The following:
– Determining payload structure: determining the various payload structures for a given context gives a precise idea of the optimal testing approach.
– Probing: testing various strings against the target’s security mechanisms.
– Obfuscation: obfuscating or otherwise tweaking the payload if required.
The returned responses

Advanced Recon Automation (Subdomains) case 1

The advanced in simple recon! For bug hunters, pentesters, OSINTers, hackers =)))) Why not automate reconnaissance in a complex world? If used fully and correctly, it saves a lot of time! E.g. a CORS scan etc. You can also get some nice vulnerabilities for which you have done nothing! WTF =))) We have to automate everything we can, so as not to miss anything. I give a simple idea, like the workflow below, to sequence the problems.
1. Go to subdomain gathering

Linux kernel exploit cheatsheet

Driver programming
Books: Linux Device Drivers https://sysplay.github.io/books/LinuxDrivers/

Dynamically assigning device numbers
Dev is the output parameter, which receives the dynamically obtained device number. Firstminor specifies the first minor number. Count and name have the same meaning as in the register_chrdev_region parameters.
https://www.oreilly.com/library/view/linux-device-drivers/0596000081/ch03s02.html
http://nanxiao.me/linux-kernel-note-20-device-major-minor-number
https://sysplay.github.io/books/LinuxDrivers
https://www.kernel.org/doc/Documentation/admin-guide/devices.txt

Statically initialize character devices:
Linux character device driver: the cdev_init() series
Class-related API: class_create, class_register
Extract the rootfs in cpio format
rootfs.cpio is packaged first with cpio and then gzipped. To decompress it, you must first change rootfs.cpio to

Anomaly detection for security event

A little for the world! There are many types of anomaly that can be generated from a corporate network, and they change over time. What is considered abnormal today could be normal activity later on when business policy changes – possible in this false world. Technically, a machine learning cluster ingests big data, trains on predefined models and offers predictions for future activities and real-time anomaly detection. I use two methods:
* Timeseries anomaly: the most common anomaly requirement is timeseries anomaly detection. The task is

HOLD THE SHIT – PHP Backdoor for fun

This little post for fun is focused on one of the different techniques. Thinking out of the box, giving the exit() basics used in many backdoor codes. The post focuses on the global variables GET, POST and REQUEST.
The most used functions:
Simple implementation:
We can use the same functions, but in an elaborate way, so that a simple “grep -E” does not reveal our access.
TIPS: Use of shellcode in fixed values. Array is life! Use without moderation. Concatenation of

OSCP Fun Guide

Table of Contents
Kali Linux
Information Gathering & Vulnerability Scanning
  Passive Information Gathering
  Active Information Gathering
  Port Scanning
  Enumeration
  HTTP Enumeration
Buffer Overflows and Exploits
Shells
File Transfers
Privilege Escalation
  Linux Privilege Escalation
  Windows Privilege Escalation
Client, Web and Password Attacks
  Client Attacks
  Web Attacks
  File Inclusion Vulnerabilities LFI/RFI
  Database Vulnerabilities
  Password Attacks
  Password Hash Attacks
Networking, Pivoting and Tunneling
The Metasploit Framework
Bypassing Antivirus Software

Kali Linux
Set the target IP address in the $ip system variable: export ip=192.168.1.100
Find the

Wakanda: 1 – VulnHub

A nice challenge with a huge amount of Vibranium, so why don't we go and exploit it: “Wakanda: 1” 😀

Description
Name: wakanda: 1
Date release: 5 Aug 2018
Author: xMagass
Filename: wakanda-1.ova
File size: 638 MB
MD5: 37357504835EAF14E276F5EE90DD8807
SHA1: 347667B69BEC293048DCC95AA8FA548E2FBF2827
Format: Virtual Machine (Virtualbox – OVA)
Operating System: Linux

Download
Download: https://drive.google.com/file/d/1aPVQb8HZa4peG1B2DV9-QMYeOuDAgMX6/view?usp=drive_web
Download (Mirror): https://download.vulnhub.com/wakanda/wakanda-1.ova
Download (Torrent): https://download.vulnhub.com/wakanda/wakanda-1.ova.torrent

Start
Import the virtual machine and start it.

I/ RECON
Ports open: 80/tcp, 111/tcp, 3333/tcp
SSH port: 3333/tcp
Nothing special :))) so then

Mobile app traffic analysis – For Fun

One of the tasks in pentesting mobile applications is analysing the traffic the application sends. This is usually done to check what kind of data is exchanged between the mobile app and the endpoints it connects to. It can be used to identify issues such as insecure communication, potential mobile app or server-side vulnerabilities, or even insecure mobile app or server-side configurations.

Background
There are two methods

About Me

My name is Nguyen Anh Tai. I am an independent security researcher, bug hunter and leader of a security team. Security Researcher at CMC INFOSEC. I developed every system for fun :D. My aim is to become an expert in security and xxx!