What Happens When You Access Google.com

One of the most frequently asked questions during IT interviews is, “What happens when you try to access google.com in your browser?” It’s a fantastic question that allows you to demonstrate a wide variety of technical understanding. There are so many different layers involved: HTTP, DNS, TCP/IP networking, caching, load balancing, and browser details (autocomplete, tracking, memory management, etc). This is my attempt at…

WhatPulse Security Testing & Disclosure – Technical Details

Technical Report: The findings contained within this report were responsibly disclosed to the developer, who resolved the issues and approved of its dissemination. Request: When submitting a password change, the following POST request was intercepted via Burp Suite proxy: In addition to a variety of HTTP headers, cookies, and session ID, there are four fields submitted in the body of the POST request: whatpulse_token…

WhatPulse Security Testing & Disclosure – Summary

Background: I have been using WhatPulse for over 17 years. WhatPulse, first released in 2003, is a client capable of tracking computer usage data for personal analytics purposes. For example, it can generate a heatmap of the most frequently typed letters, most frequently clicked screen location, or how far your mouse cursor has traveled over time. Michael from Vsauce included WhatPulse in one of…

Phishing is phishing

E-mail phishing. Spear phishing. Whaling. Pharming. Smishing. Vishing. What’s next? Slishing (on Slack)? Dishing (over Discord)? Wishing (via Webex)? Kishing (through a Sean Connery themed dating site)? Creating a new verb for every attack vector is a sure-fire way to overwhelm users to the point of not caring. It’s true that we as #cybersecurity professionals find it useful to articulate the various categories, but…

Hacking the Juice Shop: Enumeration

Welcome to the second article of my Juice Shop series, where I will be documenting a miniature penetration test against OWASP’s Vulnerable Web Application, Juice Shop. As a reminder, there are a few stages to the penetration testing process: Pre-engagement Interactions, Reconnaissance / Information Gathering, Scanning (or Enumeration), Vulnerability Assessment, Exploitation, and Reporting. These phases aren’t always linear. It’s best to think of it as…

Hacking the Juice Shop: Information Gathering

The Juice Shop is an intentionally vulnerable web application developed by the Open Web Application Security Project (OWASP). It has a series of challenges that allow hackers to learn how to exploit many of the vulnerabilities that fall under the OWASP Top 10. I’m going to be posting a series of articles that effectively documents a miniature penetration test, which, generally speaking, consists of…

Multi-threaded Port Scanner

One of the core functions performed during network reconnaissance is identifying open ports on a target host. There exist hundreds of tools that can scan for open ports, but the fundamental idea of a port scanner is attempting to establish a socket connection. If the connection is successful, that port is open. If not, no services exist there or the host is otherwise rejecting…

Overview of Common Vulnerability Scoring System (CVSS)

If you’re new to cybersecurity, here’s a useful tool you should understand. It’s called the Common Vulnerability Scoring System, also referred to as the CVSS score. In this post, I’ll be specifically referring to the latest version, CVSS 3.1. CVSS is a way of calculating a metric that can be used to prioritize the potential impact of an exploited vulnerability. The score is calculated…

Using RouterOS-Scanner

During early March 2022, Microsoft released a security tool to scan for vulnerabilities associated with MikroTik devices which run RouterOS. The tool is a credentialed scanner written in Python which logs in via SSH to run a variety of commands to gather information. The tool and code are available on Microsoft’s git repo for RouterOS-Scanner. Once you have downloaded the code, you can run…