Optiv Blog

MSSQL Agent Jobs for Command Execution

· By Nicholas Popovich · 0 Comments

The primary purpose of the Optiv attack and penetration testing (A&P) team is to simulate adversarial threat activity in an effort to test the efficacy of defensive security controls. Testing is meant to assess many facets of organizational security programs by using real-world attack scenarios.


Check Point Kernel Debugging, In-Depth

· By John Petrucci · 0 Comments

The following is a look into the features and inner workings of debugging the Check Point firewall kernel. This information will prepare you to debug Check Point firewalls more efficiently, allowing you to readily identify relevant troubleshooting data. In the first section, I’ll discuss the different tools that allow you to peek under the hood and understand what’s going on inside the firewall.


The Legendary Command Injection via Password

· By Tim MalcomVetter, Chris Bellows · 0 Comments

When you work with a talented team of penetration testers, after a while only the most noteworthy vulnerabilities stand out in the collective memory of the team. Chris has found more than one of those, but one exploit in particular has resurfaced in team discussions for over a year. The story of this exploit has taken on a life of its own, growing in its embellishment to near-legend status within the team.


Common Web Application Vulnerabilities - Part 10

· By Chris Patten · 0 Comments

In this post, we will cover a couple of concepts and implementations that have historically been used to circumvent the Same-Origin Policy (SOP). Specifically, we will explain the Same-Origin Policy, the JSON with Padding (JSONP) implementation and the Cross-Origin Resource Sharing (CORS) implementation. Finally, we will venture into a couple of examples illustrating the use of JSONP and CORS to perform cross-origin requests.


Common Web Application Vulnerabilities - Part 9

· By Andrew Bonstrom · 0 Comments

Padding oracle attacks are becoming more frequent and recently made headlines with the Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability within the 18-year-old SSL 3.0. Today, I will be diving into padding oracle attacks and what you can do to defend against them. First, there are a few items we need to look at in order to understand the nature of padding oracle attacks.


Common Web Application Vulnerabilities - Part 8

· By Joseph Belans · 0 Comments

Session fixation is an attack against a web application’s session management functionality. The issue is not as common today given that many of the current web application technologies have session management functions built into the language. As a result, the underlying language will manage user sessions in a secure manner. However, the issue is still evident in many applications and therefore a relevant attack vector.


Common Web Application Vulnerabilities - Part 7

· By Hao Nguyen · 0 Comments

Cross-Site Request Forgery (CSRF) vulnerabilities allow an attacker to cause a user to perform an unintended action. The vulnerability exists because browsers automatically send session cookies, and the same-origin policy does not prevent a site from sending a request to a different domain.


Common Web Application Vulnerabilities - Part 6

· By Kyle Grote · 0 Comments

Directory traversal, also known as path traversal, is another vulnerability we sometimes run into during our Security Assessment engagements. A path traversal vulnerability allows attackers to access files and directories that were not intended to be exposed to users. Depending on the severity of the vulnerability, an attacker may be able to gain access to web application configuration files, operating system files, passwords and other forms of sensitive data.


Common Web Application Vulnerabilities - Part 5

· By Joseph Belans · 0 Comments

SQLi, or Structured Query Language injection, is a widely known injection technique used to attack the underlying database of a web application. From a historical standpoint, SQLi is commonly referred to as a technique to access a structured database; however, injection attacks are also inherent in the more recent NoSQL technologies (like MongoDB, Elasticsearch, CouchDB, etc.).


Common Web Application Vulnerabilities - Part 4

· By Ryan Dorey · 0 Comments

Command injection, like many other web application vulnerabilities, finds its root cause in the lack of input validation. This vulnerability type should be fresh on everyone’s mind with the recent exposure of the Shellshock vulnerability late last month.
