Offensive Security

Attacks and offensive tools.

How to detect filtered (and opened) outgoing ports on a network?

Sysadmin Offensive Security

Sometimes you want to access services running on unusual ports, such as an SSH server listening on port 2222. If the connection fails, how can we detect which outgoing ports are filtered or open on the network?

Adv-Bot: Realistic Adversarial Botnet Attacks against Network Intrusion Detection Systems

Publication Offensive Security

Because of the numerous advantages of machine learning (ML) algorithms, many applications now incorporate them. However, many studies in the field of image classification have shown that ML models can be fooled by a variety of adversarial attacks. This raises many questions in the cybersecurity field, where a growing number of researchers are now investigating the feasibility of such attacks against machine learning-based security systems, such as intrusion detection systems.

SQLMap: additional techniques

Offensive Security Cylab Play

In a previous blog post, we explained what SQL injection is and how to exploit it using sqlmap. In this blog post, we show some additional techniques: how to exploit web applications that use clean URLs, how to exploit a POSTed form, how to hide traces, etc.

Web shells and the dangers of unrestricted file upload

Cylab Play Offensive Security

In previous blog posts, we have already illustrated two web application vulnerabilities: brute-force login cracking and SQL injection. In this post we illustrate a third vulnerability, unrestricted file upload, and show how it can be exploited using a web shell.

Crack a login page: the easy way

Offensive Security Cylab Play

In this blog post, we show that the login page of a web application can be easily cracked if the application does not implement specific protections against this kind of attack.

SQL injection with SQLMap

Offensive Security Cylab Play PHP

Code injection is one of the most critical web application vulnerabilities. Indeed, the consequences of code injection can be dramatic (impact). Moreover, still today, a lot of web applications are vulnerable to code injection (frequency). Finally, tools like SQLMap make it possible to automatically detect and exploit these vulnerabilities (exploitation). For these reasons, the vulnerability is listed in the top 10 published by the Open Web Application Security Project (OWASP) [1]. In this blog post, we present one type of code injection, called SQL injection, and we show how to perform a SQL injection attack with SQLMap.

Mitre Att&ck in Practice - Part II: Caldera

Tools Offensive Security Red Teaming

In the first part of Mitre Att&ck in Practice, the Att&ck Navigator and the Atomic Red Team were presented. The Navigator lets the user interact with the Att&ck Matrix in a very flexible way. The Atomic Red Team (ART) is a collection of code snippets designed to actually carry out Techniques. An Att&ck Technique is easily linked to the corresponding ART test via its Technique ID.

Mitre Att&ck in Practice - Part I: Navigator & Atomic Red Team

Tools Offensive Security Red Teaming

One of our previous blog posts presented the Mitre Att&ck Framework and the associated Mitre Att&ck Matrix. This post is the first of a set of three that will show how to link the Mitre Framework with open source tools in order to design and test offensive actions in practice.

Network reconnaissance with arp-scan

Offensive Security

arp-scan is a simple tool that can be used to list the IP addresses (and devices) in use on a network. It works by sending an ARP 'who-has' request for every IP address of the subnet. If an IP address is used by a device, that device answers with an ARP 'reply' packet.

Orchestration script to simulate user activity on multiple machines thanks to the GHOSTS framework

Offensive Security Cyber Range

The GHOSTS Framework is an open-source project created by Dustin Updyke, a cybersecurity researcher from Carnegie Mellon University. It is a framework that offers a way to simulate user activity, usually for cyber awareness training or for research in the field of cyber defense.

MITRE ATT&CK and the ATT&CK Matrix

Tools Offensive Security APT Detection

Defining cyber attacks is a difficult task. They vary in origin and goals and, at first glance, the techniques used might seem very different. Luckily, Lockheed Martin defined a popular model, still used to this day, which illustrates very well the lifecycle of a typical cyber attack: the Cyber Kill Chain, popular but controversial, defines the 7 principal steps of an attack. There have been many advances since its original conception, one of which is the widely acclaimed ATT&CK Matrix for Enterprise.

Kali Linux and Parrot Sec OS, Penetration Environment Comparison

Offensive Security Pentesting

For years, hackers have been the main characters of movies and books, and have generally captured the imagination of regular folks. When we see these hackers use the tools of their trade, we usually see a black screen with green text flashing as fast as possible, lost in commands and bright flashing lights. This could not be further from reality, as most hackers spend hours and days on end to accomplish their tasks, usually staring at a screen and using their programs of choice.
