Optiv Blog

Customization of IAM Solutions: Risks of Having it Your Way

By Dusty Anderson

Forty years ago Burger King launched a revolution in customization, declaring that it could give you the power to create your perfect burger combo: made to order, fresh, fast and at no extra cost. The slogan "Have it Your Way" (since replaced by "Be Your Way") has done more than shape our drive-thru satisfaction; it has become a way of applying customization to anything and everything.


Testing Password Reset Token Predictability with the Reset-A-Tron Burp Extension

By Optiv AppSec Team

Most web applications provide a 'forgot my password' feature where a recovery or reset token is delivered to the associated account email address. Usually these emails contain a link with a random-looking token that, once clicked, results in the user being able to proceed with the recovery process. It is important to test the randomness of these reset tokens to ensure that attackers cannot forge their own and take over accounts they do not own.


Observations on Smoke Tests – Part 2

By Raina Chen

There are a variety of scanning tools in the market today, from commercial to open source. Some are intended only for identifying a particular vulnerability or class of vulnerabilities, such as weak encryption settings for SSL/TLS. Other scanners are designed for comprehensive, deep-dive web application assessments or for ongoing application vulnerability management. Most commercial application scanners can be divided into two categories according to the environment from which they execute: cloud-based and desktop-based. Both have pros and cons.


Quick Tips for Building an Effective AppSec Program – Part 1

By Shawn Asmus

An application security (AppSec) program can be defined as the set of risk mitigating controls and business functions that support the discovery, remediation and prevention of application vulnerabilities. Controls take the form of written policies, procedures, guidelines and standards for ensuring secure development practices, along with technology and operational processes that implement them. Focus is typically on internal software development capabilities, but may also encompass applications developed by external third parties and those from commercial vendors.


The Business Trusts the Third Party – Should You?

By James Robinson, Jeff Wichman

In this day and age we are faced with some hard facts within information security. One of those facts is that breaches are imminent and we must be prepared. Watching events unfold around us, organizations have taken to heart that breaches and incidents are a top priority, not only to prevent but to have a plan ready to respond if they are impacted. As a result, an increased number of organizations have invested in incident response (IR) tools, processes, skilled resources, as well as retainer and managed services. However, we still find there is progress to be made.


Escape and Evasion Egressing Restricted Networks – Part 2

By Mike Hodges, Jason Doelger, Curtis Fechner, Brian Payne

Attackers and security assessors alike are using a technique called domain fronting, which masks malicious command and control (C2) traffic. This blog post revisits this type of evasive offensive cyber operation, which we first covered in a previous post. In this follow-up, we discuss and demonstrate a nuance of domain fronting that establishes C2 channels directly to inbox.google.com as well as other *.google.com applications, with the C2 channel encrypted under the legitimate Google SSL certificate for that application. We also share some detection techniques that can be employed to identify this type of malicious traffic.


Mobile App Testing With Automation Trickery in Frida

By John Labelle

When you spend a lot of time doing security testing on mobile apps like I do, you begin to worry that a large part of your life will be spent rebooting mobile apps that have stopped responding. Frida is a powerful testing tool and I love using it, but something I have had to come to terms with is this: stomping your way through an application's runtime is occasionally going to provoke its ire. And programming defensively is one thing, but I can't exactly blame a developer for not thinking, "How do I handle it if every parameter in this function is passed a null reference, instead of the data I painstakingly parsed from the server?"


Intelligence Bulletin – MinionGhost Reemerges

By gTIC

At approximately 9:30am EDT on 20 March 2018, the hacktivist collective MinionGhost announced planned cyber attacks against unspecified Asian entities. Additionally, MinionGhost and other hacktivist groups announced their intent to target Israeli websites and interests as part of the annual global hacktivist campaign, #OpIsrael. Optiv's Global Threat Intelligence Center (gTIC) assesses with high confidence that MinionGhost and affiliated groups intend to carry out high-level attacks against various websites and entities; however, the capabilities of these groups are limited to simple distributed denial-of-service (DDoS), cross-site scripting (XSS), and SQL injection (SQLi) attempts.


Get Control of the Mayhem: A Day in the Life of a Piece of Unstructured Sensitive Data

By Ralph Martino

Sensitive and relevant data, such as personally identifiable information (PII) or intellectual property, may be running rampant in your organization. It can be received or created, and it is often duplicated. You can receive sensitive and relevant data from partners or associates via email or FTP, and within your organization people and machines are also creating or generating sensitive and relevant data to support the business.



By Ken Dunham

Pass-the-hash (PtH) is an all too common form of credential attack, especially since the advent of a tool called Mimikatz. Using PtH with hashes extracted from memory is much faster than the dictionary and brute-force attacks of yesteryear using tools such as "Cain and Abel." This blog introduces the Windows Security Account Manager (SAM) file, credential hashes, how PtH is easily performed using Mimikatz, and how to detect such attacks within alerts.
