Phishing is phishing

E-mail phishing. Spear phishing. Whaling. Pharming. Smishing. Vishing. What’s next? Slishing (on Slack)? Dishing (over Discord)? Wishing (via Webex)? Kishing (through a Sean Connery themed dating site)? Creating a new verb for every attack vector is a sure-fire way to overwhelm users to the point of not caring. It’s true that we as #cybersecurity professionals find it useful to articulate the various categories, but…

Hacking the Juice Shop: Enumeration

Welcome to the second article of my Juice Shop series, where I will be documenting a miniature penetration test against OWASP’s Vulnerable Web Application, Juice Shop. As a reminder, there are a few stages to the penetration testing process: Pre-engagement Interactions; Reconnaissance / Information Gathering; Scanning (or Enumeration); Vulnerability Assessment; Exploitation; Reporting. These phases aren’t always linear. It’s best to think of it as…

Hacking the Juice Shop: Information Gathering

The Juice Shop is an intentionally vulnerable web application developed by the Open Web Application Security Project (OWASP). It has a series of challenges that allow hackers to learn how to exploit many of the vulnerabilities that fall under the OWASP Top 10. I’m going to be posting a series of articles that effectively documents a miniature penetration test, which, generally speaking, consists of…

Multi-threaded Port Scanner

One of the core functions performed during network reconnaissance is identifying open ports on a target host. There exist hundreds of tools that can scan for open ports, but the fundamental idea of a port scanner is attempting to establish a socket connection. If the connection is successful, that port is open. If not, no services exist there or the host is otherwise rejecting…

Overview of Common Vulnerability Scoring System (CVSS)

If you’re new to cybersecurity, here’s a useful tool you should understand. It’s called the Common Vulnerability Scoring System, also referred to as the CVSS score. In this post, I’ll be specifically referring to the latest version, CVSS 3.1. CVSS is a way of calculating a metric that can be used to prioritize the potential impact of an exploited vulnerability. The score is calculated…

Using RouterOS-Scanner

In early March 2022, Microsoft released a security tool to scan for vulnerabilities associated with MikroTik devices, which run RouterOS. The tool is a credentialed scanner written in Python that logs in via SSH and runs a variety of commands to gather information. The tool and code are available on Microsoft’s git repo for RouterOS-Scanner. Once you have downloaded the code, you can run…

Okta Hack: March 23rd Updates

The Okta Hack story development continues… On March 23rd, David Bradbury, CSO of Okta, issued a press release detailing a timeline of their incident response. In summary, Okta utilizes third-party vendor Sitel for customer support inquiries. In late January, a support engineer’s account was supposedly accessed but the employee declined the MFA challenge. The Okta security team contained the user account and shared indicators…

Okta Hack: Why it’s Important

On March 22, 2022, news outlets began reporting that identity & access management provider Okta had been the victim of data extortion group LAPSUS$ as part of a supply chain attack. Okta is a platform that enables enterprises and small businesses to manage and secure user identities, authentication and access control. The software is part of the Authentication, Authorization and Auditing (AAA) function of…

Stop asking for legal & preferred name on job applications

Recruiters / hiring managers: When you meet someone for the first time, would you demand to see their papers before you will even speak to them? Of course not. That would be rude. And weird. You would just ask them what their name is. So why do your job applications ask candidates to make the distinction between legal and preferred names? From a transgender…