Cyberis Blog
Reassuringly clear thinking.
- Research
Let’s Talk Quantum Cryptography
Quantum computers are on the horizon and the ramifications the technology is expected to produce across a multitude of industries is game changing. They can certainly be described as a disruptive technology when taken in the context of current cryptography and will force a radical change in how secure communication is implemented. A prime reason for this is due to the significant advances they promise to provide in the factoring of large numbers. This is a technique central to the security of several algorithms, such as RSA, in which prime factors of large numbers are utilised in encryption precisely because of the traditional difficulty in computing such numbers. Consequently, the security afforded by RSA alongside other similarly implemented algorithms will be heavily impacted, if not entirely broken. We’re left with a void within the field of classical cryptography that its quantum equivalent attempts to fill.
- Detect and respond
BlueKeep: Perimeter Assessments Remain As Important As Ever
The basic security principle of keeping the attack surface as small as possible is still as important as ever, however you define your perimeter. Keeping an eye on the attack surface of the network perimeter, is not an obsolete activity, it is as important today as it was twenty years ago.
- Penetration testing
When Low Risk Vulnerabilities Attack
When undertaking penetration testing against Internet facing systems, we often see information exposure vulnerabilities. These expose information regarding the systems under test that can, in isolation, be considered low risk as they are not directly exploitable to obtain access to systems or sensitive data.
- Detect and respond
- Research
Microsoft Exchange Client Access Server Information Disclosure
If you manage Microsoft Exchange and OWA in your environment and you are undergoing an external penetration test or Cyber Essentials assessment, you will often be faced with the Client Access Server Information Disclosure vulnerability identified by Nessus (https://www.tenable.com/plugins/nessus/77026) or other vulnerability scanners. Until recently, this vulnerability went unaddressed by Microsoft for versions of IIS after 6.0 and before 10.0. The majority of advice provided by online resources suggests applying the latest patches, but as patches don't exist for version 7.0 to 8.5, this isn't an option.
- Penetration testing
- Tools and techniques
User Enumeration - Timing Discrepancies
I find myself writing this blog today as there are only a few references on the internet to user enumeration attacks via timing discrepancies, despite almost every site I've tested in my career being vulnerable to the weakness. The issue is fairly obvious from the title; an application log-in response takes differing amount of times depending on whether or not the user is valid. But why?
- Red teaming
- Tools and techniques
Attacking Big Business
Reputational filtering typically blocks websites known to be malicious, performs antivirus scanning of all traffic, and crucially for us in respect to performing a simulated attack, warns end-users when visiting "non-categorised" sites. Any URLs and domains used as part of an attack now require user interaction in a web browser. This effectively rules out using newly stood up infrastructure both at the delivery and exfiltration stages of an attack, as these activities are performed without the victim's knowledge. The only options left to the attacker would be to "build" reputation over time, or alternatively, cheat the system.
- Penetration testing
PHP Serialization And SQL Injection
Sanitisation of user input is essential for preventing SQL injection, regardless of the format of the supplied data. Today I'm going to look at SQL injection through a more obscure injection point: serialized PHP arrays. Taking inspiration from a finding in a recent test, I've created a small app which allows the user to upload a CSV file. This file is then converted to a PHP array, serialized and returned to the user as a hidden form field. Finally, this is posted back to the application where the supplied data is inserted into the MySQL database.
- Penetration testing
- Tools and techniques
Creating Macros For Burp Suite
There are many tools available for automated testing of web applications. One of the best known is probably sqlmap. Sqlmap allows you to identify and exploit SQL injection vulnerabilities with ease from the command line. However, controls such as CSRF tokens or simple anti-automation techniques such as including a unique hidden value within the form can prevent automated tools from working correctly. Macros in Burp Suite are a great way to bypass these measures in order to carry out automated testing, although they can be complicated to implement.
Improve your security
Our experienced team will identify and address your most critical information security concerns.