Blog Posts

Attacking OSS Using Abandoned Resources

In December I discovered a supply chain vulnerability that impacted 6,530 public npm package versions, at least I thought I did. Turns out that earlier in October of 2020 Security Innovation published similar research dubbing the issue Repo Jacking. This initially took the wind out of my sails, but after I thought about it, rediscovery is pretty cool and I was able to expand upon it a bit by focusing on abandoned S3 buckets, Google Cloud Storage buckets, expired domain names, and finding and reporting a vulnerability in GitHub to make exploitation possible in some conditions.

Headless Holiday Hack: Flag 1

Last night I tossed up a quick CTF-esque challenge with a couple of flags defined.

My Favorite Vulnerability: From ERROR to inter-protocol exploitation

I’m excited to finally write up and share my favorite vulnerability I’ve ever found. It’s a story where all the right pieces fell into place to make it exploitable. The names, ports, and other details have been changed to protect the vulnerable even though this took place probably 6 years ago and I believe the devices are now sunsetted.

Identify an O.MG Cable

Today I got my hands on an O.MG cable. It is extremely well manufactured and to most it will be extremely stealthy.

Using Chrome Debugger Metasploit Gather Module

This last week Nick Starke got the Chrome debugger Metasploit module pushed over the line and merged into master. I figured I’d write up a quick intro to the module and how it might be used should you happen to stumble across a Chrome debugger lying around the network.

Leveraging JavaScript Debuggers for Compromise

Summary

I discovered that developers do leave remote JavaScript debuggers and headless browsers lying around on the internet, leading to sensitive data exposure and an interesting remote position for an attacker.

Enumerating Files Using Server Side Request Forgery and the request Module

If you ever find Server Side Request Forgery (SSRF) in a Node.js based application and the app is using the request module, you can use a special URL format to detect the existence of files / directories.

npm Registry Spelunking: Dependencies Referenced by URL

I learned a long time ago that not all security research pans out with a stack of vulnerabilities, but every time I venture down a rabbit hole I learn something along the way. This is one of those times.

Bypassing npm / yarn ignore Scripts with Command Injection

Before you read this post, please run git --version, and if it’s not 2.14.1 or greater then please go upgrade it.

My story about mentorship and my career

The Practical Developer DevDiscuss one day got me thinking about mentorship and how it’s impacted my life. It doesn’t fit in a tweet or a thread of tweets, so you get the story about how a mentorship gave me my entire career in security. This is going to be a bit stream of mind, so give me a break on grammar and spelling :)
