Posts

Covering Your Tracks - Anti-forensics for the Cloud - Introduction

Before delving into cloud forensics there are some concepts that need to be explained. The cloud consists of two entities: providers (companies that host cloud technologies) and tenants (companies that use cloud technologies from the providers). The cloud generally consists of three service models: Infrastructure-as-a-Service (IaaS), where the provider supplies the hardware and network; Platform-as-a-Service (PaaS), where the provider supplies all the components for a tenant's application; and Software-as-a-Service (SaaS), where the provider supplies the software and the components to run it and the tenant uses, and at most configures, the application. Chris Brenton gives a great overview of the cloud and the challenges it poses in the link below: https://www.sans.org/blog/pen-testing-in-the-cloud/ Surprisingly there is not a lot of coverage out on the web for cloud forensics, and this makes sense. Cloud forensics analysts, especially for tenants, may be somewhat limited on acc...

Covering Your Tracks - Anti-forensics for Memory

No matter what you do as a hacker, at some point you are going to traverse memory. Computers can almost be thought of as recording devices; anything a user does gets recorded somewhere, and memory is a good place to start forensic investigations. This may make it sound impossible to completely avoid leaving a footprint of some kind on a computer, and while that may be true to at least some extent, there are ways to avoid detection by memory acquisition tools. But before understanding these methods it is first necessary to understand how these memory acquisition tools work. Volatility is an open source framework written in Python. It contains numerous plugins to analyze a memory dump. Memory dumps can be obtained from tools such as AccessData FTK Imager, which is nothing more than loading the program, choosing File >> Capture Memory and then choosing where to save the .mem file. Once the memory is acquired it can be analyzed with volatility comma...

Covering Your Tracks

The ability to remain stealthy during a penetration exercise is what separates a sophisticated hacker from a script kiddie. The phrase “The Quieter You Become, The More You Are Able to Hear” holds true, especially in the field of hacking. Being able to perform anti-forensics and avoid detection is critical to the success of hacking and penetration testing, and understanding these methods is beneficial even for white hat hackers, as there will be times in a penetration test where the system is already compromised. In such cases, understanding what the attacker is doing in order to cover their tracks can help determine the sophistication of the attack or help prosecute the attacker. All hacks begin with system enumeration, and nmap is one of the best tools to use during this discovery phase. However, as I explained in the Scanning With nmap post, port scanning a bunch of IP addresses or every port on a target system is noisy and can cause denial of service conditions (very bad if you are ...

Cloud Security

It should be no surprise that the cloud can be just as vulnerable as in-house servers; after all, the cloud is just data centers with servers connected to the internet. Cloud data centers such as Amazon, Microsoft, and Google do have top notch security, such as physical controls like concrete barriers, and utilize the most recent and secure network protocols such as IPv6. However, this does not stop users of the cloud from poorly implementing security configurations or writing bad code for the sites a cloud may host. Even more interesting, it has been found that the cloud vendors themselves have vulnerabilities. Let’s delve into some of these issues and how they may be addressed. 0day vulnerabilities in the cloud vendors themselves do exist. Azure, for example, did have a 0day Cross-Site Scripting (XSS) vulnerability. Chris Dale, a penetration tester, found a command injection flaw that allowed him to set environment variables of a process using an XSS payload. The command injec...

Vetting Your Sources

Hello all, this post is going to take a different direction from the previous posts, which focused mainly on technical knowledge and tools, and talk about one of the most important tasks in cybersecurity: information gathering. Not information gathering as in port scanning a client or doing Google searches on a target (though the concepts in this post can be used for that), but information gathering as in making sure one is pulling data from valid sources and avoiding disinformation. As a cyber-security professional it's important to have a list of sources that are well vetted and/or backed by an organization or government agency. Given the vast number of organizations, agencies, and institutions involved in cybersecurity, finding a legitimate information source that covers a topic specific to your need can be difficult. Let’s start with some major organizations that come to mind when discussing cyber-security. According to Cybercrime Magazine there are 33 cybersecurity industry associ...

Scanning with nmap

nmap is the de facto standard for scanning networks, used by system administrators and penetration testers alike. It also provides countless community supported NSE (Nmap Scripting Engine) scripts, which can perform a range of tasks from discovering services to discovering vulnerabilities within those services. Let's take a look at nmap and some of its features. nmap's manual is huge. On Linux, it can be viewed by executing the terminal command: man nmap | more If you're like me though, scrolling through this gets to be a bit of a hassle (I love Ctrl+F). Thankfully, there is a way to export the manual to a text file. It may be done with this command: man nmap > nmap.txt As of this writing, there are currently 1,736 lines of text, so it's probably easier just to export it to a text file and do a search. nmap is huge and powerful, and it is possible to cause yourself a lot of headache if you are not careful. Take for instance the following command: nmap --stats-every 5m -p- 192.168.1....

Reverse Shell with Ncat

Kali Linux is the de facto standard for pen testing. While any Linux distro (or OS) can work for backdooring into networks, it's quickest to just download a Kali Linux ISO. It comes with most of the pen testing tools (some of them cost money but most are free) to get you up and running: https://www.kali.org/downloads/ Let's not waste time, we have a Windows machine to administer (or connect to for nefarious purposes). Let's say the Windows machine is behind a firewall with all inbound connections blocked as shown below: This will prevent us from doing a bind shell with Windows, but not a reverse shell. To create a reverse shell, let's have our Kali Linux machine listen on an unused well known port, 443: ncat -lvp 443 --ssl The -lvp options mean listen verbosely on port 443. --ssl will encrypt all incoming traffic (note ssl is deprecated as of ncat 7.6. To use this option, ncat 7.5 should be installed). By encrypting our traffic, it will make it difficult, albeit not i...