Pentesting gRPC / Protobuf : Decoding First steps

Protocol Buffers (a.k.a. ProtoBuf) and other binary serialization representations are gaining popularity, especially in inter-microservice communication. Unlike JSON or HTTP, ProtoBufs are not human readable (hence the "binary" part of binary serialization), but that translates into an advantage of less overhead, leading to performance gains, and the ability to code against a fixed schema …


Bringing reliability to OSSEC

As we saw in a previous blog post, OSSEC is UDP based. This is great for performance, and can scale to 1000s of nodes. However, it means there is an inherent problem of reliability. UDP is a connection-less protocol, hence the OSSEC agent has no guaranteed way of knowing that a particular event has been …

OSSEC event loss troubleshooting

There is a general consensus that OSSEC will lose events in the event that the main OSSEC server goes offline for whatever reason ([1], [2]) - be it the service is stopped, a network disconnection, or anything in between. However, there doesn't seem to be much information on when exactly event loss can occur, for …

Practical Reflected File Download and JSONP

This week introduced us to a new web attack vector, which the researcher dubbed "Reflected File Download" [RFD]. It's a very interesting attack which has potential to do some severe damage, especially in social engineering contexts. Full details of the reflected file download attack can be found here: http://blog.spiderlabs.com/2014/10/reflected-file-download-the-white-paper.html While reading through the white …

Pyinstaller – building exe files from python under Kali

I was trying to build my own malicious file... Since I love Python, it was natural for me to go down the Python + PyInstaller route. Initially, I coded everything on Windows, downloaded and installed PyInstaller [1] on Windows, and attempted to use the usual pyinstaller -F my_script.py to build my executable. But then I started running into …

Antivirus evasion : Ghost Writing update

I recently read an excellent article on PenTestGeek about "Ghost Writing": https://www.pentestgeek.com/2012/01/25/using-metasm-to-avoid-antivirus-detection-ghost-writing-asm/ The article is extremely easy to follow, with some adjustments to running metasm under Kali: The site_ruby folder is located under /usr/local/lib/site_ruby/. You don't need to copy the metasm files, however; you can simply run gem install metasm. The disassembler script is located under /usr/share/metasploit-framework/lib/metasm/samples/disassemble.rb In …

Hackathon notes and links

Update: The hackathon event was recently covered on national TV. Here's the segment (in Maltese): [video: The MITA Hackathon from GADGETS on Vimeo]. I recently had the opportunity to participate in (my team won as it turned out... Special thanks to Ian Attard and Godwin Caruana) the Malta Information Technology Agency (MITA) Hackathon, organized by …