During a recent penetration test I conducted against one of our client’s websites, I found an interesting case of a misconfigured CORS implementation that I would like to quickly showcase in this post. From Wikipedia, cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts) on a web page to be requested […]
NESA UAE Information Assurance Standards
The UAE’s National Electronic Security Authority (NESA) has developed the UAE Information Assurance Standards (IAS). These are primarily based on ISO 27001:2005. This blog entry reviews the IAS and looks at how organisations can become compliant with them.
Risk based Application Penetration Testing
It is generally accepted within the information security world that penetration testing is a good way to provide assurance as to the security of applications or infrastructures. With numerous companies offering these testing services, how do you differentiate and evaluate which company uses the best approach for your organisation? At Dionach we perform a large […]
Should I allow my pentester on my IPS?
Should I allow my penetration tester’s IP address range on my intrusion prevention system? Variations of this question have featured in numerous information security forums and mailing lists. Unfortunately, the factors and variables in play here are considerable so a worthy response is unlikely to be short or universal. This blog post aims to highlight […]
Different Ways of Transferring Files Into and Out of a Citrix Environment
During a recent engagement I was asked to perform a penetration test of a Citrix environment. One particular requirement of this test was to see whether I could transfer files back and forth between my local computer and the remote environment. The easiest way to transfer data was through their web proxy. Although it implemented […]
Information Security Tips
Some simple tips to improve the information security of your organisation. Stop using sticky notes as advertisements for your passwords: do not leave your password where someone can easily read it. This is the same as not having a password at all, as anyone can read it and log in as you. Ensure that you […]
Splunk Web Shell
Now and then, while performing internal penetration tests we come across Splunk default installs where system users can log in as “admin” and are granted the associated privileges without having to authenticate. Splunk is based on Django, and among the options it gives you when accessing the admin panel is one that is particularly attractive […]
What is Red Teaming?
Red Team exercises can be thought of as extended penetration tests designed to thoroughly assess an organisation’s security posture across multiple domains. Some security firms employ the term liberally, packaging it up and conflating it with conventional assessments; just maybe with a bit of social engineering thrown in. But ‘old wine, new bottle’ it is […]
PCI DSS: Which Self-Assessment Questionnaire?
For many small and medium size organisations it can be difficult to know where to start with PCI DSS. There is quite a lot of PCI DSS documentation to get your head around, and some of the terminology is difficult to understand initially. Furthermore, your bank (or acquirer) may be telling you to become […]
Grabbing Microsoft SQL Server Password Hashes
Once you obtain domain administrator privileges during an internal penetration test, it is common practice to gather as much information as possible, including clear-text credentials, password hashes, tokens and so on, in order to compromise the network further. One example of this is the Microsoft SQL (MS SQL) Server password hashes. Since version 2008 […]