PaloAlto Captive Portal XSS Attack

Posted on by David Vassallo

PaloAlto has issued a patch for a XSS attack on the captive portal that I disclosed a few months back. The official advisory can be found here: https://securityadvisories.paloaltonetworks.com/Home/Detail/66 (Detail taken from https://securityadvisories.paloaltonetworks.com/) The attack has been given a CVSS score of 6.1: (Screenshot taken from IBM X-Force: https://exchange.xforce.ibmcloud.com/vulnerabilities/118524) Below follows the original report submitted to PaloAlto … Continue reading PaloAlto Captive Portal XSS Attack

Simple DNS Sniffer in GoLang

Posted on by David Vassallo

Golang makes it really simple to code some otherwise arduous tasks. In this case, we needed to sniff raw network data, filter out DNS data, and send the DNS queries and responses to an Elasticsearch cluster. The resulting code is surprisingly simple thanks to libraries such as GoPacket, as you can see below: https://gist.github.com/dvas0004/3d280f95a83a3084b314ea208f19f9e9 The … Continue reading Simple DNS Sniffer in GoLang