CompTIA Pentest+

What is a XSRF attack? XSRF, also known as Cross-Site Request Forgery, is a type of attack that involves tricking a user into making a malicious transaction with a website without their knowledge. This can occur when a user is logged into a website and visits a malicious website or clicks on a malicious link. The attacker can then use the user’s active logged in status on another website to make requests on the user’s behalf, potentially allowing the attacker to perform unauthorized actions or access sensitive information. XSRF attacks can be prevented by implementing proper authentication and authorization measures on the website, such as using unique tokens for each user session. What is a session hijacking attack? Session hijacking is a type of cyberattack where an attacker takes over a user’s active session on a website or application and gains unauthorized access to the user’s account. This can be…

Read more

Why is user awareness training important for IT security? Phishing operations represent 41% of cyber breach incidents according to the IBM X-Force report. Deloitte estimates phishing to be the initial attack vector in 91% of cyber breaches.   These estimates put phishing at the forefront of corporate attack surface because they identify phishing as the most successful method used by attackers to compromise a system and gain initial access to a victim’s network.  In response, organizations need to increase their resilience against phishing and other types of social engineering attacks. By testing their staff’s ability to effectively identify phishing attempts and malspam and providing educational material, an organization can identify potential weaknesses and reduce the chance that an employee will fall prey to an attack.  Of course, secondary cybersecurity measures should be in place to detect and respond to a successful phishing attack, user awareness training is a good practice…

Read more

@0x0SojalSec tweeted out a pure genius one-liner for automated SQL Injection pentesting and it while it was mind-blowing, it is also useful to dissect into the various elements.  Along the way we can learn some great tools for command line penetration testing! Check out the original tweet or the image below: This is a great example of how automated toolkits can provide do a lot of work that doesn’t cost a lot of time.  So, let’s disect the command and learn 5 great command line tools from @0x0SojalSec’s sorcery that will certainly prove useful on a pen-testing engagement. #1 – subfinder Subfinder is a command line tool from ProjectDiscovery.io  that accepts a top-level domain and will return a set of subdomains from historical DNS records.  Whenever relying on historical DNS records, the output is only as good as the service’s repository of historical data, but ProjectDiscovery’s service is top notch. …

Read more

In an MSNBC interview posted to YouTube on February 24th, 2022, approximately 24 hours after the initial invasion of Ukraine by Russian military forces, Leon Panetta former US Secratary of Defence and former head of the CIA was asked whether now is a good time for the US to use offensive cyber-war against Russia.  Rather that address the question directly, Panetta addressed the greater context of the invasion for Ukrainian national security.  The question is worth addressing though. So, is now a good time for counter forces to launch a cyber offensive? Is now the time for offensive cyber-attack? It Depends. That is the short and true answer. Here comes the why. Probably the most effective use of cyber weapons in warfare is when they are purposed for for gathering information, aka spying. The most advanced forms of cyber weapons (known as advanced persistent threats or APT for short) are…

Read more

In part 1 of PHP Malware series, we learned what a web-shell is and learned some basic ways that an attacker can build web-shell in PHP. In part two we took a look at how web-shells can be hidden using base 64 encoding and AES encryption techniques. In part three we’re gonna look at other crafty ways that an attacker could obfuscate PHP web shell or other malware such as a stealer which would exfiltrate sensitive data as it’s processed by a website. Cyber criminals want to avoid malware being found, and when it is found, they want it to be difficult for a researcher to discover what the malware is doing. An an attack technique is novel, attackers don’t want defensive security researchers to be able to use the technique information to build defensive strategy or make the information public. In order to demonstrate the skill’s of reverse engineering…

Read more

In this this series of articles and videos, I will explore some PHP malware code that has been publicly published. All the samples discussed are derived from a GitHub repository maintained by marcocesarato. The advice from Ripple Software Consulting is to always maintain solid web-server security through hardened configuration and monitoring, and vulnerability scanning both internal and external surfaces with a tool such as CISOfy’s Lynis or Greenbone’s GVM. For an example of solid LAMP stack server security you can visit the RSRC’s VPS Deploy WordPress GitHub repository which is a tool for automatically deploying a WordPress website on a hardened Linux VPS Server. If you don’t want to secure your own WordPress installation, you can hire a trained security consultant such as Ripple Software, or you can use another 3rd party managed hosting provider. PHP is a scripting language which means its source code is usually in human readable…

Read more

Linux Dominates Performance-based Computing Market Share Linux may be less susceptible to cyber-attacks because Windows presents such an attactive target by holding the majority of the desktop marketshare. However, Linux servers dominate the global market in some powerful ways. According to industry reports, Linux OSs comprise 100% of all supercomputers, and over 95% of the top 1 million web servers are running Linux. Linux runs on 90% of all cloud infrastructure and dominates the mobile phone market with > 80% of market share. Embedded operating systems, and RTOS for IoT devices? Again, Linux is by far the most popular OS of choice. If you want more interesting facts about Linux’s market presence, you can Read Nick Galov’s revealing 2021 comprehensive summary of Linux market penetration. Knowing how to conduct a Security Audit of a Linux system and services is very important indeed.  This most often includes whitelisting required applications and…

Read more

What is GVM and OpenVAS? WikiPedia does a really nice introduction to GVM so let jump start our understanding with that: OpenVAS is the scanner component of Greenbone Vulnerability Manager, a software framework of several services and tools offering vulnerability scanning and vulnerability management. All Greenbone Vulnerability Manager products are free software, and most components are licensed under the GNU General Public License. To understand the relationship between OpenVAS and GVM we should refer to the OpenVAS website, which does a good job explaining the relationship between OpenVAS and GVM: In 2019 the branding separation was completed. OpenVAS now represents the actual vulnerability scanner as it did originally and the “S” in “OpenVAS” now stands for “Scanner” rather than “System”. These changes are accompanied by an updated OpenVAS logo. The framework where OpenVAS is embedded is the Greenbone Vulnerability Management (GVM).OpenVAS released with GVM-10 receives numerous performance optimization to address…

Read more

These study notes are provided for students of CompTIA Pentest+ exam. If you notice any problems with the notes, please let me know via email (joseph@ripplesoftware.ca).   General Pentesting Engagement Scoping Information Gathering Vulnerability Scanning Exploitation Process Pentest Tools Exploit Specifics Post Exploit Communication Processes

Read more