When testing for out-of-band vulnerabilities, Collaborator has been an invaluable tool since its initial release in 2015. By acting as a HTTP, DNS and SMTP server, Collaborator allows researchers to identify complex out-of-band interactions between target applications and external services aiding in the discovery of vulnerabilities such as server-side request forgery (SSRF), XML external entity … Continue reading Tool Release – Collaborator++
Containerization solutions are becoming increasingly common throughout the industry due to their vast applications in logically separating and packaging processes to run consistently across environments. Docker represents these processes as images by packaging a base filesystem and initialization instructions for the runtime environment. Developers can use common base images and instruct Docker to execute a … Continue reading Tool Release – Enumerating Docker Registries with go-pillage-registries
This month, in addition to the several dozen technical talks and trainings our researchers will offer at our internal conferences, NCC CON US and NCC CON Europe, two NCC Group researchers will also be presenting work publicly: Clint Gibler, "DevSecOps State of the Union v2.0," presented at AppSec Cali (Santa Monica, CA - January 22-24 … Continue reading Conference Talks – January 2020
Ethereum, a popular cryptocurrency, utilizes a P2P flood network overlay protocol in order to propagate new transactions and state around the network. As has been shown in previous works[^1][^2], observing the propagation of transactions through the peer-to-peer network layer is often enough to deanonymize users of cryptocurrency networks....
I have been asked about the usefulness of security monitoring of entropy levels in the Linux kernel. This calls for some explanation of how random generation works in Linux systems. So, randomness and the Linux kernel. This is an area where there is longstanding confusion, notably among some Linux kernel developers, including Linus Torvalds himself. … Continue reading On Linux's Random Number Generation
Amazon Web Services' AssumeRole operation accepts an optional parameter called "sts:ExternalId" which is intended to mitigate certain types of attacks. However, both the attacks that sts:ExternalId mitigates and how to properly use it are widely misunderstood, resulting in large numbers of vulnerable AWS-based applications. This post aims to describe what std:ExternalId does, when to use … Continue reading Demystifying AWS' AssumeRole and sts:ExternalId