Optiv Blog

MSSQL Agent Jobs for Command Execution

By Nicholas Popovich

The primary purpose of the Optiv attack and penetration testing (A&P) team is to simulate adversarial threat activity in an effort to test the efficacy of defensive security controls. Testing is meant to assess many facets of organizational security programs by using real-world attack scenarios.


Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 6

By Joshua Platz

Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack.


Integrating Dynamic Testing Tools into the Development Process

By Gregory Leonard

The creation and integration of a secure development lifecycle (SDLC) can be an intimidating, even overwhelming, task. There are so many aspects that need to be covered, including performing risk analysis and threat modeling during design, following secure coding practices during development, and conducting proper security testing during later stages.


Breaking Credit Card Tokenization – Part 2

By Tim MalcomVetter

Side channels are unintended ways information can be observed in a system. Attackers can leverage side channels to make software divulge details that developers never intended. For a deeper dive on the subject, look at Shannon’s Information Theory to understand key ideas like entropy and signal-to-noise ratios. In this post, we will dig into a timing side channel attack against credit card tokenization systems.


Black Hat Tools Arsenal: Burp-Hash Plugin, Part 2 - How it Works

By Scott Johnson, Tim MalcomVetter, Matt South

This is a follow-up post about our Burp-Hash plugin for the Burp Suite that we presented at the Black Hat USA Tools Arsenal. You can read the backstory that inspired us to create the tool in Part 1 of this post. You also can watch a quick two-minute video overview of the plugin on YouTube.


Microsoft MIM One-On-Won

By Aaron Lentz

With the recent revamping of Microsoft Identity Manager (MIM), formerly known as FIM, there is great potential for their IAM solution to rejoin the heavy hitters in the IAM spectrum in 2015.


Cisco DLSw Leakage Allows Retrieval of Packet Contents from Remote Routers

By Tate Hansen, John McLeod

In early 2014, we, Tate Hansen and John McLeod, were on a mission, sent by our Pwnfather Patrick Fleming (who taught us everything we know, including things unmentionable in this post) to the dark corners of a secure environment deep within the massive infrastructure of one of the world’s most complex networks.


War Dialing Part 2: Extrapolating Results and Validating Numbers

By Chris Patten

Although manually traversing the database isn’t out of the question, I decided that it would be easier to have something that can pull the results quickly in the event that they are needed for reporting requirements. This is often the case when we are tasked with providing results for the entire list of phone numbers dialed during a war dialing assessment. For instance, it is necessary to understand which tones lead to modems, fax, voice and voicemail. All of these cases warrant their own assessment techniques.


War Dialing Part 1: The VoIP and Analog Primer

By Chris Patten

In this series of posts, I will introduce the concept of telephony war dialing along with techniques to perform such assessments. Initially, we need to describe “war dialing” and its practical application. In order to serve this justice, we need a short history lesson on telephony.


Common Web Application Vulnerabilities - Part 10

By Chris Patten

In this post, we will cover a couple of concepts and implementations that have historically been used to circumvent the Same-Origin Policy (SOP). Specifically, we will explain the Same-Origin Policy, the JSON with Padding (JSONP) implementation and the Cross-Origin Resource Sharing (CORS) implementation. Finally, we will venture into a couple examples illustrating the use of JSONP and CORS to perform cross-origin requests.
