
Posts

SSRF leading to AWS keys leakage - Bug Bounty Writeup

This is a short article describing a critical vulnerability I recently found in one of India's top travel booking websites. Quick info: 💡 SSRF allows an attacker to induce the server-side application to make requests to an unintended location. 💡 It is common when testing for SSRF vulnerabilities to observe a DNS look-up for the supplied attacker-controlled domain, but no subsequent HTTP request. Many production networks allow free egress of DNS queries, because they are essential for the normal operation of production systems. The application attempts to make an HTTP request to the domain, which causes the initial DNS lookup, but the actual HTTP request is blocked by network-level filtering. 💡 Access Keys allow programmatic calls to AWS or use of the AWS Command Line Interface or AWS Tools for PowerShell. 💡 The AWS metadata service is always hosted at 169.254.169.254, port 80. Moving on... While testing one of the endpoints, I found Apache Mod_Proxy SSRF (CVE-2021-40438)...

HTTP Request Smuggling (CL.TE) leading to webpage defacement - Bug Bounty Writeup

This is a write-up of a security bug I found a few months ago - HTTP Request Smuggling (Type: CL.TE). This vulnerability occurs due to a disagreement between the front-end and back-end server on how to parse incoming HTTP request streams. CL.TE arises when the front-end server uses the Content-Length header and the back-end server uses the Transfer-Encoding header to parse the incoming HTTP request, which causes a desynchronization. To get a more in-depth understanding of the underlying concepts of this vulnerability, I suggest reading this for additional reference. Example: POST / HTTP/1.1 Host: test.com Content-Length: 12 Transfer-Encoding: chunked 0\r\n \r\n TESTING In the above example, the front-end server parses the Content-Length header (till the end of TESTING [12 bytes]). I have used \r\n for demonstrating why 12 bytes is the content length in this example. These bytes are not visible in the original request. Now, once this request is r...

Just another OSCP blog ... Or is it?

In this blog, I'll walk you through my OSCP journey and also cover some important points that I found crucial for OSCP preparation. I started my preparation in January 2021 and set a target for mid-year to attempt the exam. Well, life happened and it got delayed till October. (Better late than never, right?) #whoami I am a full-time Security Engineer, where my day job requires me to wear the hat of Vulnerability Management. I like to explore the realms of Network Security, which got me interested in OSCP. The initial plan of action: Jan 2021 - Complete HTB retired machines (TJ Null's list) Feb 2021 - Start HTB active machines + Proving Grounds March-May 2021 - Buy OSCP voucher and complete PWK labs June 2021 - Pass the exam 😎 How my prep actually went: Jan - Feb 2021 - solved HTB retired machines and practiced BOF March 2021 - completed Tib3rius' Privesc courses (Windows and Linux) April 2021 - preparation gap ;-; 22 May 2021 - bought PWK labs sub...

Practicing Cyber Hygiene (Meme Edition)

In this blog, I've created some memes to add some humor whilst spreading cyber security awareness. While developers can try hard enough to produce a secure application, it is of no use if the end users are careless on their part. As users, we must protect our data and online accounts to the best of our ability. Note that this blog is also meant to be suitable for audiences who do not have a technical background, which is why I've tried to keep it as simple as possible. However, you can read more about these topics if you wish to gain an in-depth understanding. 1. Update, update, update! A vulnerability is a weakness in software that can be exploited by attackers. When developers figure out these vulnerabilities, they patch them and release updates for you to install. As an end user, it is your responsibility to make sure that the services you use are up to date. Turning on automatic system updates will make this task easier. ...

Breaking the Stereotypes | Part 2 | Women in Cyber Security

There is a significant gender gap among qualified cyber security professionals. According to the ISC2 Women in Cybersecurity survey, women working in cybersecurity currently account for about one quarter (24%) of the overall workforce. This is quite the opposite in cyber security leadership roles, where women are present in higher percentages. This brings up a question: in today's world, where technical professions are no longer dominated by men, why do women still hesitate when it comes to applying for technical roles in the cyber security industry? This might be because sometimes our perceptions of ourselves and our skill sets hold us back. You are female, single, married, a mother, an adventurer—who cares? These factors must not hold you back from grabbing amazing opportunities and being able to follow your passion. Mentoring A role model or a mentor can be essential for professional development and growth. The lack of females in this industry limits the opportun...

Breaking the Stereotypes | Part 1 | 'Ethical' Hacking

Hacking: the word which instantly creates a picture of a guy sitting in a dark room wearing a hoodie and doing something terrifically dangerous or something terribly wrong. Have we ever related hacking with security? Ever thought of it as something that is useful? There are plenty of stereotypes when it comes to the world of hacking. It is considered a negative word and people are discouraged from taking it up. Cracking vs Hacking By definition, the term 'cracking' means trying to get into computer systems in order to steal, corrupt, or illegitimately view data. Whereas 'hacking' refers to the practice of modifying or altering computer software and hardware to accomplish a goal that is considered to be outside of the creator's original objective. Even though hacking is actually done with consent and is good in nature, people still tend to call it 'Ethical hacking', as if to say a 'good good task'. It's important to note that the terms...

Cyber SecuriTale

With the rise of various technologies, security is needed more than ever. But before understanding today's complex security measures, let's take a look at how all of these evolved over time, and what challenges were faced. Cloud Security Earlier, organisations and companies used their own servers to run their application software. These servers were located and managed in-house. This setup was expensive and led to increased capital cost of computer hardware and labor cost of administrators. At the same time, it was observed that most in-house systems were idle, leading to a lot of wasted resources. These problems gave rise to Virtualization. It reduced the number of servers and helped save money. Now, there was no need to purchase different hardware configuration systems for different applications; instead, a pool of general hardware resources was used to run virtualized applications. Virtualization further led to renting out of infrastructure by third parties (IaaS). It is t...