Dear PenTest Readers,
In this month’s edition we focus on the topic of advanced WebApp attacks. Our contributors provide an impressive collection of articles, tutorials, and case studies that will certainly help you enhance your offensive skill set. And we know very well that practising attacks is the favourite activity of every pentester! Are you ready to boost your arsenal? :)
We start the issue with a fantastic article by Chrissa Constantine about inference attacks in the context of Artificial Intelligence and Machine Learning. As this topic has not been widely covered so far, this article is an absolute must read for all those who want to be up-to-date with the latest trends in penetration testing with the use of AI.
Staford Titus comes back with another great tutorial! This time, our course instructor and a regular contributor helps you discover the Local File Inclusion Vulnerabilities. Those of you who are already familiar with Staford’s writings know that nothing but exceptional quality can be expected.
Kharim Mchatta brings in a very interesting write-up on exploiting web applications based on business logic and misconfiguration. We’ve divided it into two parts for your reading convenience: the first part presents the theoretical background, and the second part focuses only on practical scenario descriptions.
If you are into Burp Suite, there is also a great treat for you! Nairuz Abulhul brings in a very useful walkthrough on bypassing IP restrictions with this software. Another great technique presented to our readers.
As usual, there are more articles on various other cybersecurity topics. You will enjoy the wide range of covered aspects, from the cybersecurity start-up industry to the automated SOC. Special thanks to all the contributors, reviewers, and proofreaders who helped in creating this edition.
Without further ado,
Let’s dive into the reading!
PenTest Magazine's Editorial Team
Table of Contents
Inference Attacks: Artificial Intelligence, Machine Learning, and Privacy
by Chrissa Constantine
For a web application penetration test, numerous advanced web application attacks and inference attacks attempt to data-mine SQL databases by leveraging the deltas in responses. The goal is to gain information about the database or a subject illegitimately. Sensitive information leaks if an attacker can infer the actual value with a high degree of confidence.
You Are Your Worst Enemy: LFI and Beyond
by Staford Titus
Local File Inclusion (LFI) vulnerabilities give a client accessing a web server undue access to some (or even all) of the sensitive files local to the server. These files could range from clandestine copies of a company's business models and server credential files to an attacker-uploaded payload with potentially disastrous results. Local File Inclusion vulnerabilities closely shadow Directory Traversal vulnerabilities, so the attacker can pivot between and within directories to obtain any file. This opens up avenues for some serious consequences: if the attacker is able to view the server OS's credentials file and manages to crack the password hashes, then he or she could essentially log in to the machine and wreak havoc. Local File Inclusions tend to exist where the inclusion of files is performed directly in a web page without any validation or restriction.
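The last sentence of this abstract describes the root cause: a file name taken from the request and included directly, with no validation. The following Python snippet is an added example and is not code from the article or from PenTest Magazine. It contrasts a hypothetical unvalidated handler (`serve_page`) with a hardened one (`safe_serve_page`) that allowlists the page name and then checks the canonical path. The sandbox directory, file names and the `PAGES_DIR` layout are constructed for the demonstration.

```python
import os
import re
import tempfile

# Constructed sandbox standing in for the web root: a pages directory with one
# legitimate page, and a "secret" file outside it playing the credential file.
ROOT = tempfile.mkdtemp(prefix="lfi-demo-")
PAGES_DIR = os.path.join(ROOT, "pages")
os.makedirs(PAGES_DIR)
with open(os.path.join(PAGES_DIR, "about.html"), "w") as fh:
    fh.write("<h1>About</h1>")
with open(os.path.join(ROOT, "secret.txt"), "w") as fh:
    fh.write("root:CONSTRUCTED-HASH-PLACEHOLDER")
# A symlink inside the pages directory that points outside it: the edge case
# a name filter alone does not catch, so the canonical-path check is needed.
try:
    os.symlink(os.path.join(ROOT, "secret.txt"), os.path.join(PAGES_DIR, "leak.html"))
except (OSError, NotImplementedError):
    pass


def serve_page(page: str) -> str:
    """Vulnerable pattern (hypothetical handler): the request parameter is
    joined straight onto the directory with no validation, so a value such as
    '../secret.txt' walks out of PAGES_DIR, and an absolute path replaces it."""
    with open(os.path.join(PAGES_DIR, page)) as fh:
        return fh.read()


class IncludeRejected(Exception):
    """Raised by safe_serve_page when the requested page is refused."""


PAGE_NAME = re.compile(r"[a-z0-9_-]+")  # no dots, slashes or NUL bytes


def safe_serve_page(page: str) -> str:
    """Hardened pattern: accept only a bare page name, build the path
    server-side, then confirm the canonical (symlink-resolved) path is still
    under PAGES_DIR before reading it."""
    if not PAGE_NAME.fullmatch(page):
        raise IncludeRejected(f"page name not allowed: {page!r}")
    base = os.path.realpath(PAGES_DIR)
    candidate = os.path.realpath(os.path.join(base, page + ".html"))
    if os.path.commonpath([base, candidate]) != base:
        raise IncludeRejected("resolved path escapes the pages directory")
    with open(candidate) as fh:
        return fh.read()


def include_is_rejected(page: str) -> bool:
    """True when the hardened handler refuses the request."""
    try:
        safe_serve_page(page)
    except IncludeRejected:
        return True
    return False


if __name__ == "__main__":
    print(serve_page("about.html"))
    print(serve_page("../secret.txt"))  # the vulnerable handler leaks the file
    print(safe_serve_page("about"))
    for bad in ("../secret", "about\x00", "leak"):
        print(bad.encode(), "rejected:", include_is_rejected(bad))
```

The two checks are deliberately layered: the name pattern stops traversal syntax before any path is built, and the `realpath` comparison catches the case the pattern cannot see, a file inside the directory that resolves to somewhere else.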
Exploitation of the Web Application Based on Business Logic and Misconfigurations. Part 1.
by Kharim Mchatta
In this article, we are going to discuss how to exploit a web application based on business logic and on misconfigurations in the security posture of the web application. When it comes to web attacks, a lot of planning and information gathering is done before the actual attack is performed.
Exploitation of the Web Application Based on Business Logic and Misconfigurations. Part 2.
by Kharim Mchatta
As we’re done with the theoretical background and the first scenario, in this part we continue with two more scenarios of exploiting web applications based on business logic.
Bypass IP Restrictions with Burp Suite
by Nairuz Abulhul
Since it is a pain to modify requests manually in attempts to bypass these WAF restriction rules, Burp can help automatically insert the required headers into each request sent to the application. There are two methods to achieve our goal through Burp Suite: the match and replace rules, which is actually what I used all the time before discovering the other method, the Bypass WAF extension. I was unaware of the extension before working on the Control machine on HTB, and I came across the extension when researching better ways to automate forwarding requests. Even though I liked using the extension, I am going to include both methods for reference.
The Automated SOC Reviewing the Future of Layered Security Solutions
by David Evenden
With access to network connections, queries, and processes, analysts operating in the Automated Security Operations Center are also able to see and create customized alerts based on anomalous internal network activity. For instance, a common TTP of malicious attackers is to use SMB/445 to communicate and migrate throughout a network, jumping from machine to machine. With the granular level of access in this new tool, analysts are now able to stop endpoint activity that initiates 445 connections from workstations to other workstations, a path on which SMB activity is rarely authorized.
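The detection rule described here, workstation-to-workstation connections on TCP/445, is easy to express over connection logs. The Python below is an added example written for this page, not code from the article or from any SOC product. The log format (timestamp, source, source port, destination, destination port, protocol), the workstation subnet `10.20.0.0/16` and every address in `SAMPLE_LOG` are constructed for the demonstration; a real deployment would read its flow or endpoint telemetry and its own address plan instead.

```python
import ipaddress
from collections import defaultdict

# Assumed address plan: one client VLAN holds all workstations. Servers
# (here 10.1.0.0/16) legitimately receive SMB from workstations.
WORKSTATION_NETS = [ipaddress.ip_network("10.20.0.0/16")]
SMB_PORT = 445

# Constructed connection log: timestamp src_ip src_port dst_ip dst_port proto
SAMPLE_LOG = """\
2023-05-01T10:00:01Z 10.20.4.15 51022 10.1.0.10 445 tcp
2023-05-01T10:00:05Z 10.20.4.15 51030 10.20.4.22 445 tcp
2023-05-01T10:00:09Z 10.20.4.22 51101 10.20.4.31 445 tcp
2023-05-01T10:00:12Z 10.20.4.31 51140 10.20.4.40 445 tcp
2023-05-01T10:00:15Z 10.20.4.15 51201 10.20.4.22 3389 tcp
2023-05-01T10:00:20Z 10.1.0.10 40010 10.20.4.15 445 tcp
"""


def is_workstation(ip_text: str) -> bool:
    """True when the address falls inside a workstation subnet."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in WORKSTATION_NETS)


def parse_line(line: str):
    """Split one log line into a record; malformed lines yield None."""
    fields = line.split()
    if len(fields) != 6:
        return None
    ts, src, _sport, dst, dport, proto = fields
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "proto": proto}


def find_lateral_smb(log_text: str):
    """Return (timestamp, src, dst) for every TCP/445 connection whose source
    and destination are both workstations. Workstation-to-server SMB and
    non-SMB ports are left alone."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["proto"] == "tcp" and rec["dport"] == SMB_PORT
                and is_workstation(rec["src"]) and is_workstation(rec["dst"])):
            hits.append((rec["ts"], rec["src"], rec["dst"]))
    return hits


def lateral_chain(hits, start: str):
    """Follow flagged connections outward from `start`, in time order, to show
    the machine-to-machine hop sequence an analyst would want to contain."""
    edges = defaultdict(list)
    for _ts, src, dst in sorted(hits):
        edges[src].append(dst)
    seen, order, stack = set(), [], [start]
    while stack:
        host = stack.pop()
        if host in seen:
            continue
        seen.add(host)
        order.append(host)
        stack.extend(reversed(edges[host]))
    return order


if __name__ == "__main__":
    flagged = find_lateral_smb(SAMPLE_LOG)
    for ts, src, dst in flagged:
        print(f"ALERT {ts} workstation-to-workstation SMB {src} -> {dst}")
    print("hop chain:", " -> ".join(lateral_chain(flagged, "10.20.4.15")))
```

Only three of the six constructed lines fire: the workstation-to-server connection and the RDP connection are excluded by the subnet and port conditions, and the server-to-workstation line is excluded because its source is not a workstation. Chaining the hits in time order then surfaces the hop path the abstract describes.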
Starting a Cybersecurity Company: Industry Market Analysis
by Bruce Williams
The startups in cybersecurity are spread amongst these sectors. If you have a startup, you can see which companies are your main competitors and which startups have recently entered your industry sector. When you seek seed capital, your investors want to see an industry analysis similar to the above before they invest. Usually, venture capital investors look to offset risks by bringing in additional investors to share the risk.
Content Security Policy and its Importance [FULL ARTICLE AVAILABLE IN THE FREE PREVIEW VERSION]
by Cyril James
In essence, a CSP functions like a bouncer at a club: it allows content that is deemed okay to pass and blocks content that is not. This protects the interests of your customers and increases their return rate to your website. But you need to know why your website could be vulnerable to such attacks in the first place. Your web application does not contain all the information it needs by itself; it often needs to obtain some data from a third-party source, such as Google. This works smoothly until an attacker uses a method called Cross-Site Scripting (XSS) to insert their malicious code.
An Interesting Bash Vulnerability
by Sanjeev Kumar
This short tutorial will present you with one of the exploits for an outdated Bash version.
Wi-Fi Hacking with a Weak Password - Case Study
by Vinod Gupta
Over the years, there has been a steady stream of news across the internet about the compromise of Wi-Fi networks around the world and the leakage of confidential data such as usernames, passwords and other sensitive information. Although the owners of wireless devices consider themselves secure once a password is set, they are not as secure as they think.