[NetSec] Keeping Authentication Tokens Safe

An authentication token should not be stored as-is in the database; that's common sense. But applying a heavy hashing algorithm to secure it doesn't make much sense either. Why? An authentication token, if it is created properly (128 bits etc.), is already very secure by itself. And by its nature, it doesn't contain any username…

[CTF] CTFLearn.com – Basic Injection

OK, here is the solution for the very basic SQL injection CTF located at https://web.ctflearn.com/web4/. When you load the page you see this: There is nothing to do here except enter some inputs, which leads nowhere. So, I checked the source code of the webpage. Very simple stuff, but look at that comment line. I tried…

[NetSec] Firewall Bursting

Firewalls these days are packed with a wide range of UTM capabilities such as IPS, anti-virus, application filtering and web filtering. All these features can put a heavy load on the device itself, as they require more CPU and memory resources than simple packet filtering by IP addresses and port numbers. This might become an even bigger problem…

[NetSec] Beware of the “D” State

When you issue the top command on a FortiGate firewall, you see the states of the processes along with other information such as CPU and memory usage. Here is an example: Run Time: 356 days, 7 hours and 13 minutes 13U, 0N, 22S, 65I; 15972T, 7794F, 1013KF ipsengine 12441 S < 27.4 1.0 ipsengine…

[WriteUp] Tr0ll

Let's scan our network to find the machine first. nmap -sn Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-11 13:39 +03 Nmap scan report for Host is up (0.019s latency). MAC Address: 00:50:56:01:06:28 (VMware) Nmap scan report for Host is up (0.00065s latency). MAC Address: 08:00:27:62:C8:63 (Oracle VirtualBox virtual NIC) Nmap…