Posts

2026


Using Azure infrastructure to deploy Ubuntu VM and Nginx web server with NSG firewall rules

·2 mins

In the field of Cybersecurity and DevOps, there is no substitute for hands-on experience with cloud infrastructure. To further my own practice, I have recently started diving into the Microsoft Azure ecosystem. It’s an excellent sandbox for learning: with $100 in credits and 750 hours of B1s compute, you have exactly what you need to keep a single VM instance running 24/7 while you experiment.

For this project, I set out to deploy a custom Nginx web server on a Linux VM. Here is a breakdown of the configuration and the logic behind my deployment.

Using Python to call public GitHub API and convert JSON into Dictionary object

·2 mins

I use Python locally within Visual Studio Code to call a public API. The goal of this exercise is not only to make a successful HTTP request, but also to understand the individual parts of a small Python script that interacts with a real internet service.

A good beginner API for this type of project is the GitHub REST API. This API is useful because it allows new developers to practice with real-world data while learning concepts that commonly appear in professional software development. These concepts include HTTP status codes, JSON responses, environment variables, API tokens, error handling, and storing project dependencies in a local virtual environment.

2023


Cross-Site Scripting (XSS) Variants and Examples

·3 mins

All modern websites consist of at least 3 fundamental components: HTML, CSS, and JavaScript. HTML creates structure, CSS is used for styling, and JavaScript enables interactive user experiences through manipulation of the DOM (Document Object Model). JavaScript, however, can also be used by malicious actors to access sensitive information on the client side. One major category of web application vulnerabilities is known as cross-site scripting (XSS). This vulnerability arises when a malicious user is able to inject JS code into a vulnerable website. If proper security controls are not implemented, this vulnerability makes it possible for an attacker to read and steal an end-user’s cookies and session information that otherwise should be private and confidential.

Fuzzing Forms-Based Authentication Reveals Working Username and Password

·4 mins

In this lab exploring HTML forms-based authentication, I use Burp Suite to fuzz a username of interest to discover a valid password combination. “Fuzzing” in the context of web application security means any automated attempt to inject a large number of variables into any field that accepts user input. The tester then monitors the application for unexpected behavior or unusual results that may indicate the presence of a vulnerability. Possible fuzzing inputs range from common usernames, passwords, URLs, and sensitive data patterns to executable shell commands and SQLi payloads. SecLists is a well-known repository that maintains wordlists for each of these categories. The choice of which wordlist to use depends on the context of the input field and what category of vulnerability the tester suspects may exist within the application.

Burp Suite and OWASP ZAP Interception Proxy Configuration

·3 mins

An interception proxy is a must-have tool in any web application penetration tester’s arsenal. In brief, an interception proxy is an application that is downloaded on a host computer and sits between a client browser and the remote web server. This specialized tool is purpose-built to intercept HTTP requests that are initiated from the client browser before the message is delivered to the remote web server. The tool can manipulate certain elements of the request such as session cookies or parameter values. The application proxy also handles the HTTP response in reverse, meaning the tool can examine the raw data contained in the server’s response before the content is ultimately rendered by the client browser.

2022


Introduction to Memory Forensics and the Volatility Framework

·2 mins

In the world of digital forensics, we can envision data as belonging to two distinct categories: volatile and non-volatile (Mohanta, 2020). Volatile data includes random-access memory (RAM) that depends on a running power supply, whereas read-only memory (ROM) or data that is written to a hard disk is considered non-volatile. The readable contents of non-volatile data do not change upon power interruption. The industry-standard open-source tool I will explore this week to conduct memory forensics on traditional desktop endpoints has aptly been named Volatility.

Law and Policy Recommendations for Ransomware in the United States - Term Paper

·10 mins

It is difficult to ignore how the internet has now made it possible to cause harm in a digital environment (McGovern, 2018). According to Western interpretations of proper jurisprudence and social contract theory, individuals gain safety from legal protections that otherwise would not exist without government regulation, surveillance, intervention, and punishment. In the United States of America, the Constitution and Bill of Rights have served as ethical architecture and scaffolding in the physical world reasonably well since their ratification in 1788. However, due to the unrelenting nature of change, new technologies have since emerged that now question how legal standards such as the First Amendment and a Right to Privacy ought to apply in the modern world. Today, societies must respond and equip themselves with new laws and regulations that better anticipate cyber threats in advance and proactively take steps to defend against criminal behavior in a challenging and constantly evolving online environment.

What is a Reverse Shell? Implications for Log4j Vulnerability.

·4 mins

Once a vulnerability is discovered in any given IT system, one common payload a malicious attacker often wants to deliver is a reverse shell. From the black-hat attacker’s perspective, he or she wants to establish remote command-line access on the server-side of a victim’s business network. But what is a “shell?” And why is it considered “reverse?” I will explore these questions in the following brief discussion on the topic.

General Data Protection Regulation (GDPR) - The Law, Ethics, and its Fines

·7 mins

In today’s modern tech-centered business environment, corporations like Facebook, Google, and Amazon have collected extensive analytics of users’ online digital behavior in order to build, maintain, and increase their market caps. Public scandals such as Facebook’s voluntary involvement with Cambridge Analytica clearly reveal that businesses have enormous financial incentives to gather, store, and sell the personally identifiable information of end users. Historically, the legal guidelines surrounding the processing of users’ personal data have been lax. However, in response to this growing list of privacy concerns, European lawmakers passed and codified the General Data Protection Regulation (GDPR) on May 25th, 2018.

Nmap - Overview and Use in Reconnaissance and Asset Enumeration

·3 mins

Nmap is an extremely powerful, free and open-source network mapping utility that can be used for many purposes. In this post, I provide a brief overview of what Nmap can be used for in the cybersecurity industry. These functions include determining what hosts exist on a network, what services those hosts may offer, and what operating systems (and OS versions) may be running on the backend. Nmap can also gather information about firewalls and, potentially, how to evade them. All of this information is acquired from whichever devices respond in the scanned range of IP addresses.