Before starting a penetration test (pentest), should you present your product or solution to pentesters? It all depends on your situation and on your objectives!
In this previous article, we have seen what a SSRF vulnerability is, and how, in general, it can be exploited. We had placed ourselves in a quite simple theoretical framework, but various elements (either due to the vulnerability itself or due to security implementations) can make the task more complicated.
In this article, we will have a look at various methods to go further. On
the agenda:
- Various methods for manually bypassing filters;
- SSRFMap: a semi-automatic operating tool.
Now that we have introduced four main functionalities of Burp Suite in the previous article, we will go a bit further with some functionalities and extensions that can increase the quality of an audit and your efficacy.
Functionalities and screenshots presented in this article are from the version Professional 2.1.01.
Alternative to classic Bluetooth, Bluetooth Low Energy is chosen increasingly for the IoT. This technology, also known as the abbreviation BLE, is establishing itself for connected devices, as it is ideal to send small amounts of data between devices and to preserve the battery; which matches the IoT’s needs perfectly. Classic Bluetooth, on its side, is used to send large amounts of data between a device and a user (wireless headphones and speakers are using Bluetooth for example).
When we talk about cyberattacks, we often think of malicious activities coming from external attackers, while internal attacks are on the rise. In the Insider Threat Report 2019, it is reported that 59% of the companies surveyed had suffered such an attack in the past year.
Protecting yourself from the inside against these attacks is therefore just as important as defending yourself from the outside.
USB devices are so convenient. Whenever we need to store small amounts of data, we use a USB stick. Everyone owns one and we generally trust it to be safe. USB keys are one of the main ways to do industrial espionage, but attacks against random civilians and companies are also common.
The 2018 Honeywell report on USB threat to industrial operators analyzed a sample of 50 locations. Energy, chemical manufacturing, pulp & paper, oil & gas and other industrial facilities were concerned by the study. Among the locations targeted, 44% blocked a suspicious file originating from USB ports and 15% of the threats detected and blocked were high-profile threats, like Stuxnet, Wannacry and Mirai.
Internet of Things security is a current topic, however penetration testing on connected devices are far from being a widespread practice. Most manufacturers prioritize product functionalities and design first. However, even with a “security by design” approach, pentesting remains essential to know the real security risks, and then to take the necessary measures.
We are regularly conducting social engineering penetration tests for our clients.
Our pentesters (security experts) tried various techniques, scenarios and pretexts.
We have learned lessons from our experience, and our clients shared with us what they learned too. We are sharing them now with you.
The first one and the second are said to be the best allies of CISO (and in general people in charge of IT security). There are though two different tools in a security strategy. What are the different characteristics of a penetration test (pentest) and a vulnerability scanner?
It is a question that we often hear. Unfortunately Sorry, we don’t have a ready made formula to reveal. The return on investment of a pentest is complex to measure. However, we are giving you 4 keys to demonstrate the financial benefits of a penetration test. Security is not only useful to avoid potential problems, it mostly creates value to facilitate sales and strengthen the trust of your customers.
What is a Cross Site Request Forgery Attack?
The CSRF is an attack that forces an end user to perform unwanted actions and without noticing on a web application he/she is currently authenticated.
CSRF attacks specifically target requests that make modifications, not data theft, because the attacker has no way of seeing the response of the falsified request. The outcome of the actions is what interests the attacker.
This type of attack is based on the fact that when a user is authenticated on an application, it will usually provide a session ID that its browser stores in a cookie.
Each time the user sends a request to the server, the browser will also automatically send this session cookie. You can find in linked article more information about CSRF attacks.
Keep in mind that a CSRF attack only needs that the user stays connected (without having an open page or tab of the website) to be working.
Administration interface, back-office, dashboard, admin panel… several names for the same thing: the place where organizations manage their data, supervise the activity of a web platform, handle customer requests, activate user accounts, configure articles within an e-commerce platform…
When thinking about the security of web platform, the back-office is not necessarily the priority, for several reasons:
The access to that kind of application is usually restricted, to internal services of the organization, and sometimes to third parties, supposed to be trustworthy.
We often think that a firewall restrictive enough protects the access to non-open services. We also believe that only a compromise machine can give access to the internal network. We are indeed wrong, and that’s what we are going to see with a web application vulnerability: The Server-Side Request Forgery, or SSRF.
What is an SSRF?
From a vulnerable web application, an SSRF makes possible to interact with the server, in order to extract files and to find its other active services. But there is more. It is also possible to scan the internal network to cartography IP and open ports.