Hacking the Juice Shop: Enumeration

Welcome to the second article of my Juice Shop series, where I will be documenting a miniature penetration test against OWASP’s Vulnerable Web Application, Juice Shop. As a reminder, there are a few stages to the penetration testing process: Pre-engagement Interactions; Reconnaissance / Information Gathering; Scanning (or Enumeration); Vulnerability Assessment; Exploitation; Reporting. These phases aren’t always linear. It’s best to think of it as…

Hacking the Juice Shop: Information Gathering

The Juice Shop is an intentionally vulnerable web application developed by the Open Web Application Security Project (OWASP). It has a series of challenges that allow hackers to learn how to exploit many of the vulnerabilities that fall under the OWASP Top 10. I’m going to be posting a series of articles that effectively documents a miniature penetration test, which, generally speaking, consists of…

Multi-threaded Port Scanner

One of the core functions performed during network reconnaissance is identifying open ports on a target host. There exist hundreds of tools that can scan for open ports, but the fundamental idea of a port scanner is attempting to establish a socket connection. If the connection is successful, that port is open. If not, no services exist there or the host is otherwise rejecting…

Overview of Common Vulnerability Scoring System (CVSS)

If you’re new to cybersecurity, here’s a useful tool you should understand. It’s called the Common Vulnerability Scoring System, also referred to as the CVSS score. In this post, I’ll be specifically referring to the latest version, CVSS 3.1. CVSS is a way of calculating a metric that can be used to prioritize the potential impact of an exploited vulnerability. The score is calculated…

Using RouterOS-Scanner

In early March 2022, Microsoft released a security tool to scan for vulnerabilities associated with MikroTik devices that run RouterOS. The tool is a credentialed scanner written in Python that logs in via SSH and runs a variety of commands to gather information. The tool and code are available on Microsoft’s git repo for RouterOS-Scanner. Once you have downloaded the code, you can run…

Okta Hack: March 23rd Updates

The Okta Hack story development continues… On March 23rd, David Bradbury, CSO of Okta, issued a press release detailing a timeline of their incident response. In summary, Okta utilizes third-party vendor Sitel for customer support inquiries. In late January, a support engineer’s account was supposedly accessed but the employee declined the MFA challenge. The Okta security team contained the user account and shared indicators…

Okta Hack: Why it’s Important

On March 22, 2022, news outlets began reporting that identity & access management provider Okta had been the victim of data extortion group LAPSUS$ as part of a supply chain attack. Okta is a platform that enables enterprises and small businesses to manage and secure user identities, authentication and access control. The software is part of the Authentication, Authorization and Auditing (AAA) function of…

Stop asking for legal & preferred name on job applications

Recruiters / hiring managers: When you meet someone for the first time, would you demand to see their papers before you will even speak to them? Of course not. That would be rude. And weird. You would just ask them what their name is. So why do your job applications ask candidates to make the distinction between legal and preferred names? From a transgender…

Two-Step Verification vs. Multi-Factor Authentication

Google recently announced that they have seen a 50% decrease in account compromises since auto-enrolling users in 2-Step Verification (2SV) in late 2021. This is great news from a cybersecurity standpoint. However, it’s worth noting that two-step verification is less secure than proper multi-factor authentication (MFA). To understand the difference between 2SV and MFA, consider the following authentication factors: Something you know (usernames, passwords)…