File Inclusion

LFI and RFI are terms I’ve heard many times in the past 5 years, mainly in the context of Windows vulnerabilities and pentesting. I’ve done CTF challenges with file uploads, then using LFI to execute the shell. I’ve loaded code from remote sites exploiting RFI vulnerabilities. But I never really associated the terms LFI and RFI with these actions. Perhaps it’s because I’ve spent too long in infrastructure. Anyways, I hope to understand what file inclusion is, what causes it, and how to fix it....

15 September, 2022 · 3 min · 584 words · JD

Antivirus is Bad

What is Antivirus/AV/NGAV? Is AV “useless”? What AV should I use? I’ve been asked all of the above by non-IT and IT users. Usually they fall into two groups. Either AV is useless or AV is the only security required. As usual, the truth is more nuanced. AV is an often unappreciated foundational security control for endpoints. What is the purpose of AV? AV is a scalable platform to block known attack methods/artifacts that increases the cost of attacking and persisting on an endpoint....

27 July, 2022 · 3 min · 462 words · JD

HSTS and Preloading

HSTS directs the browser to use HTTPS for certain domains (optionally subdomains). This mitigates some MitM attacks by upgrading HTTP connections to HTTPS. HSTS Preloading: The native implementation of HSTS communicates the HSTS policy to the browser via an HTTP response header, Strict-Transport-Security: max-age=31536000; includeSubDomains. HSTS requires a user to visit a website once before HSTS protection is cached. But what if HTTP is used on the first visit or a user clears their cache frequently?...

24 June, 2022 · 2 min · 272 words · JD

Elastiflow

Elastiflow is a high-performance flow collector that provides unparalleled network observability. The community edition is free, so it’s perfect for homelabbers. Why use Elastiflow? Note: This guide is not recommended for production use. It is a POC for home lab use. Setting up Elastiflow: Visit this link to obtain a Basic Free License. Follow these steps to install Elastiflow. Don’t follow the steps under Running the Collector to start Elastiflow yet....

29 May, 2022 · 2 min · 367 words · JD

Egress Filtering

Summary: Egress filtering limits traffic leaving the network perimeter. Why? Egress filtering is good security architecture as it prevents computers on the network from sending unwanted traffic to the internet. Limiting the attack surface protects against low-skill opportunistic attacks while reducing the breadth of things to monitor: C2 communication; exposing information to attackers, e.g. stealing NetNTLMv2 hashes by coercing a client to authenticate to an attacker-controlled SMB share. Network traffic analysis solutions such as Elastiflow can provide data on ports/IPs being used....

18 May, 2022 · 2 min · 244 words · JD