LDAP Injection
•
2 j'aime•714 vues
This document discusses LDAP injection, an attack where malicious code is inserted into a user input field to gain unauthorized access. It provides an overview of LDAP syntax and injection, demonstrating how an attacker can bypass authentication by closing parentheses in the username field. The document also notes LDAP injection can lead to privilege escalation and information disclosure. It recommends escaping special characters, using frameworks that encode LDAP queries, and applying least privilege to secure applications from LDAP injection.
Signaler
Partager
Signaler
Partager
Télécharger pour lire hors ligne
Recommandé
Persistant Cookies and LDAP Injection
The presentation is on Persistent Cookies and LDAP Injection. Persistent cookies stay on your hard drive (one of your browser's subfolders) until they expire or get deleted. The session will cover introduction to Persistent Cookies and applicable test-cases with respect to Web Application Penetration Testing. In LDAP Injection section, the presentation will cover: Understanding Active Directory, Understanding LDAP and How does LDAP Injection work.
Zap vs burp
Tomasz Fajks gives short intro about Security Tests as well as guide how to start. He goes through comparison of two security scanners Burp Suite and OWASP Zed Attack Proxy (ZAP), trying to answer "which one is better".
Bypass_AV-EDR.pdf
Comment contourner les mécanismes de sécurité type antivirus et EDR pour exécuter du code ou exfiltrer de la data
Windows Privilege Escalation
A collection of techniques that allow users to escalate privileges to local administrator and then to NT Authority\System. On a windows domain readers can use the described techniques to escalate to domain administrators.
Secure code practices
Secure code best practices for developers. And comparison of 2017 and 2021 OWASP top 10 with description of vulnerability and mitigation.
Burp Suite Extension Development
Presentation on - How to create custom Burp Suite extensions using Jython to test the web
application / mobile applications with strong encryptions in HTTP requests and responses.
Basics of Server Side Template Injection
The document discusses server-side template injection, where malicious code can be injected through templates used to generate web pages or emails. Templates are widely used by web applications to dynamically generate data. The first step in detecting a server-side template injection is noticing unusual behavior, errors, or mathematical expressions being executed on the server. Ways to detect injections include inserting mathematical expressions into templates. Mitigations include executing users' code in sandboxed environments like Docker containers and validating user input.
Hunting for Credentials Dumping in Windows Environment
My slides from Zero Nights 2017 talk - https://2017.zeronights.ru/report/hunting-for-credentials-dumping-in-windows-environment/
Recommandé
Persistant Cookies and LDAP Injection
The presentation is on Persistent Cookies and LDAP Injection. Persistent cookies stay on your hard drive (one of your browser's subfolders) until they expire or get deleted. The session will cover introduction to Persistent Cookies and applicable test-cases with respect to Web Application Penetration Testing. In LDAP Injection section, the presentation will cover: Understanding Active Directory, Understanding LDAP and How does LDAP Injection work.
Zap vs burp
Tomasz Fajks gives short intro about Security Tests as well as guide how to start. He goes through comparison of two security scanners Burp Suite and OWASP Zed Attack Proxy (ZAP), trying to answer "which one is better".
Bypass_AV-EDR.pdf
Comment contourner les mécanismes de sécurité type antivirus et EDR pour exécuter du code ou exfiltrer de la data
Windows Privilege Escalation
A collection of techniques that allow users to escalate privileges to local administrator and then to NT Authority\System. On a windows domain readers can use the described techniques to escalate to domain administrators.
Secure code practices
Secure code best practices for developers. And comparison of 2017 and 2021 OWASP top 10 with description of vulnerability and mitigation.
Burp Suite Extension Development
Presentation on - How to create custom Burp Suite extensions using Jython to test the web
application / mobile applications with strong encryptions in HTTP requests and responses.
Basics of Server Side Template Injection
The document discusses server-side template injection, where malicious code can be injected through templates used to generate web pages or emails. Templates are widely used by web applications to dynamically generate data. The first step in detecting a server-side template injection is noticing unusual behavior, errors, or mathematical expressions being executed on the server. Ways to detect injections include inserting mathematical expressions into templates. Mitigations include executing users' code in sandboxed environments like Docker containers and validating user input.
Hunting for Credentials Dumping in Windows Environment
My slides from Zero Nights 2017 talk - https://2017.zeronights.ru/report/hunting-for-credentials-dumping-in-windows-environment/
Express js
This document provides an overview of ExpressJS, a web application framework for Node.js. It discusses using Connect as a middleware framework to build HTTP servers, and how Express builds on Connect by adding functionality like routing, views, and content negotiation. It then covers basic Express app architecture, creating routes, using views with different template engines like Jade, passing data to views, and some advanced topics like cookies, sessions, and authentication.
No Easy Breach DerbyCon 2016
Every IR presents unique challenges. But - when an attacker uses PowerShell, WMI, Kerberos attacks, novel persistence mechanisms, seemingly unlimited C2 infrastructure and half-a-dozen rapidly-evolving malware families across a 100k node network to compromise the environment at a rate of 10 systems per day - the cumulative challenges can become overwhelming. This talk will showcase the obstacles overcome during one of the largest and most advanced breaches Mandiant has ever responded to, the novel investigative techniques employed, and the lessons learned that allowed us to help remediate it.
Details a massive intrusion by Russian APT29 (AKA CozyDuke, Cozy Bear)
Implementing ossec
This document provides an overview of implementing the OSSEC HIDS (Host-based Intrusion Detection System). It discusses OSSEC's architecture, features like log analysis, integrity monitoring, rootkit detection, policy auditing and alerts. It also covers installing and configuring OSSEC servers and agents, as well as customizing configuration and rule files. Challenges of deploying OSSEC at large scale are also mentioned.
Linux privilege escalation
This document discusses various techniques for Linux privilege escalation. It begins by defining privilege escalation and explaining the process. It then covers common escalation methods like exploiting kernel vulnerabilities, accessing programs running as root, using weak or default passwords, leveraging insider services, abusing SUID configurations, taking advantage of sudo rights, manipulating world writable files run as root, path manipulation, cron jobs, and keylogging. It provides examples and commands to help identify these opportunities on a target system.
Hunting for Privilege Escalation in Windows Environment
Slides from my talk at the OFFZONE 2018 conference (https://www.offzone.moscow/report/hunting-for-privilege-escalation-in-windows-environment/)
Secure Code Warrior - CRLF injection
Web App Vulnerabilities - Slidepack on "CRLF injection" by Secure Code Warrior Limited and licensed under CC BY-ND 4.0
From Zero to Spring Boot Hero with GitHub Codespaces
SpringOne 2021
Session Title: From Zero to Spring Boot Hero with GitHub Codespaces
Speakers: Martin Lippert, Spring Tools Lead at VMware; Sandra Ahlgrimm, Cloud Advocate at MicrosoftFrom Zero to Spring Boot Hero with GitHub Codespaces
I hunt sys admins 2.0
This document discusses techniques for hunting down target users on Windows domains after gaining initial access. It begins by outlining existing tools like psloggedon.exe and netsess.exe that can detect logged-in users but typically require administrator privileges. It then explores using domain data sources and PowerShell with tools like PowerView to profile and locate target users throughout the domain without administrator privileges. Various PowerShell commands like Invoke-UserHunter, Invoke-UserView, and Invoke-UserEventHunter are demonstrated for efficiently finding sessions and events associated with target users.
DNS exfiltration using sqlmap
These are the slides from a talk "DNS exfiltration using sqlmap" held at PHDays 2012 conference (Russia / Moscow 30th–31st May 2012) by Miroslav Stampar.
Derbycon - The Unintended Risks of Trusting Active Directory
Given at DerbyCon 2018, this presentation covers host and Active Directory security descriptor research.
Understanding Windows Access Token Manipulation
This document discusses Windows access token manipulation. It begins by explaining what access tokens are and how they are used for authentication and access control in Windows. It then covers how to steal access tokens by opening processes, obtaining their tokens, and using the tokens to impersonate users or launch new processes. The document explores techniques for stealing the SYSTEM access token as well as finding alternative processes besides winlogon.exe that can be used. It determines that processes with certain security permissions on their access tokens can be stolen, while others cannot. The key learnings provide insights into Windows security principles and how access token theft can enable privilege escalation.
Attacking thru HTTP Host header
This document discusses exploiting vulnerabilities related to HTTP host header tampering. It notes that tampering with the host header can lead to issues like password reset poisoning, cache poisoning, and cross-site scripting. It provides examples of how normal host header usage can be tampered with, including by spoofing the header to direct traffic to malicious sites. The document also lists some potential victims of host header attacks, like Drupal, Django and Joomla, and recommends developers check settings to restrict allowed hosts. It proposes methods for bruteforcing subdomains and host headers to find vulnerabilities.
64 Methods for Mimikatz Execution
Some way for run mimikatz with obfuscation and defense evasion methods
Collection:
https://redteamrecipe.com/64-Methods-For-Execute-Mimikatz/
Server-side template injection- Slides
This document discusses server-side template injection (SSTI), including an introduction to template engines, examples of commonly used template engines like Twig and Jinja2, how SSTI works by allowing user input to be embedded in templates in an unsafe manner, ways to detect and identify SSTI vulnerabilities, exploiting SSTI to read files or execute code, automated tools like Tplmap that can assist in SSTI exploitation, mitigations like input sanitization, and references and case studies.
Thick client pentesting_the-hackers_meetup_version1.0pptx
The document discusses pentesting thick client applications. It begins with introducing thick clients and why testing them is important. It then covers common thick client architectures, vulnerabilities, tools used for testing like decompilers and network sniffers, challenges like intercepting encrypted traffic, and solutions to those challenges like using Burp's non-HTTP proxy. It ends with checklists, example applications to practice on, and references for further reading.
CICD using jenkins and Nomad
Things like Infrastructure as Code, Service Discovery and Config Management can and have helped us to quickly build and rebuild infrastructure but we haven't nearly spend enough time to train our self to review, monitor and respond to outages. Does our platform degrade in a graceful way or what does a high cpu load really mean? What can we learn from level 1 outages to be able to run our platforms more reliably.
This talk will focus on on setting up a CICD pipeline using Jenkins. We start by configuring Jenkins to use our Nomad platform to autoscale job runners. After which we ll look at using the newly released nomad-pack tool to convert, deploy and test and existing nomad job.
Red Team Methodology - A Naked Look
The document provides an overview of a red team consultant's methodology for penetration testing engagements. It discusses various stages of an engagement including pre-engagement reconnaissance using tools like LinkedIn and domain research. It covers external testing techniques like NTLM brute forcing. Internal testing focuses on privileges escalation using tools like Mimikatz and movement using techniques like DLL hijacking. Reporting emphasizes providing a full narrative and findings of high quality over large quantities.
Build RESTful API Using Express JS
Learn how to build RESTful API using Node JS with Express Js Framework. Database used is Mongo DB (Mongoose Library). Learn Step by step what is Node JS, Express, API and Mongo DB. Explain and sample code step to build RESTful API
Dvwa low level
This document provides an overview of common web vulnerabilities and techniques for exploiting them using a vulnerable web application called DVWA (Damn Vulnerable Web Application). It discusses low-level vulnerabilities like brute force attacks, command injection, CSRF, file inclusion and SQL injection. It then goes into more detail on different SQL injection techniques like concatenation, error-based detection, union queries, retrieving data from tables. It also covers blind SQL injection, file uploads, and both reflected and stored cross-site scripting vulnerabilities. The document appears to be an introduction or guide to using DVWA to learn about hacking web applications.
A Case Study in Attacking KeePass
This document summarizes techniques for attacking the KeePass password manager program. It provides an overview of KeePass, discusses existing work like KeeFarce that exports unlocked databases, and introduces the author's tool KeeThief which extracts decryption keys from memory. The document also explores using KeePass' trigger system to automatically exfiltrate databases when they are opened or passwords copied. Mitigations like monitoring for suspicious processes interacting with KeePass are suggested.
Drupal Security Hardening
All about web application security and common threats and how to counter measure these threats
The content of this presentation was derived from several notable Drupal SA team like Greg Knaddison, Khalid Baheyeldin, Heine Deelstra, and Dave Reid.
Special thanks to Greg's book "Cracking Drupal: A Drop in the Bucket".
Drupal Security Hardening
This document discusses securing Drupal websites. It covers common Drupal attacks like XSS and SQL injection and recommends countermeasures like keeping software updated, following coding standards, sanitizing user input, and penetration testing. The document also provides an overview of securing the web server, PHP, and the Drupal codebase through permissions, input validation, and file uploads.
Contenu connexe
Tendances
Express js
This document provides an overview of ExpressJS, a web application framework for Node.js. It discusses using Connect as a middleware framework to build HTTP servers, and how Express builds on Connect by adding functionality like routing, views, and content negotiation. It then covers basic Express app architecture, creating routes, using views with different template engines like Jade, passing data to views, and some advanced topics like cookies, sessions, and authentication.
No Easy Breach DerbyCon 2016
Every IR presents unique challenges. But - when an attacker uses PowerShell, WMI, Kerberos attacks, novel persistence mechanisms, seemingly unlimited C2 infrastructure and half-a-dozen rapidly-evolving malware families across a 100k node network to compromise the environment at a rate of 10 systems per day - the cumulative challenges can become overwhelming. This talk will showcase the obstacles overcome during one of the largest and most advanced breaches Mandiant has ever responded to, the novel investigative techniques employed, and the lessons learned that allowed us to help remediate it.
Details a massive intrusion by Russian APT29 (AKA CozyDuke, Cozy Bear)
Implementing ossec
This document provides an overview of implementing the OSSEC HIDS (Host-based Intrusion Detection System). It discusses OSSEC's architecture, features like log analysis, integrity monitoring, rootkit detection, policy auditing and alerts. It also covers installing and configuring OSSEC servers and agents, as well as customizing configuration and rule files. Challenges of deploying OSSEC at large scale are also mentioned.
Linux privilege escalation
This document discusses various techniques for Linux privilege escalation. It begins by defining privilege escalation and explaining the process. It then covers common escalation methods like exploiting kernel vulnerabilities, accessing programs running as root, using weak or default passwords, leveraging insider services, abusing SUID configurations, taking advantage of sudo rights, manipulating world writable files run as root, path manipulation, cron jobs, and keylogging. It provides examples and commands to help identify these opportunities on a target system.
Hunting for Privilege Escalation in Windows Environment
Slides from my talk at the OFFZONE 2018 conference (https://www.offzone.moscow/report/hunting-for-privilege-escalation-in-windows-environment/)
Secure Code Warrior - CRLF injection
Web App Vulnerabilities - Slidepack on "CRLF injection" by Secure Code Warrior Limited and licensed under CC BY-ND 4.0
From Zero to Spring Boot Hero with GitHub Codespaces
SpringOne 2021
Session Title: From Zero to Spring Boot Hero with GitHub Codespaces
Speakers: Martin Lippert, Spring Tools Lead at VMware; Sandra Ahlgrimm, Cloud Advocate at MicrosoftFrom Zero to Spring Boot Hero with GitHub Codespaces
I hunt sys admins 2.0
This document discusses techniques for hunting down target users on Windows domains after gaining initial access. It begins by outlining existing tools like psloggedon.exe and netsess.exe that can detect logged-in users but typically require administrator privileges. It then explores using domain data sources and PowerShell with tools like PowerView to profile and locate target users throughout the domain without administrator privileges. Various PowerShell commands like Invoke-UserHunter, Invoke-UserView, and Invoke-UserEventHunter are demonstrated for efficiently finding sessions and events associated with target users.
DNS exfiltration using sqlmap
These are the slides from a talk "DNS exfiltration using sqlmap" held at PHDays 2012 conference (Russia / Moscow 30th–31st May 2012) by Miroslav Stampar.
Derbycon - The Unintended Risks of Trusting Active Directory
Given at DerbyCon 2018, this presentation covers host and Active Directory security descriptor research.
Understanding Windows Access Token Manipulation
This document discusses Windows access token manipulation. It begins by explaining what access tokens are and how they are used for authentication and access control in Windows. It then covers how to steal access tokens by opening processes, obtaining their tokens, and using the tokens to impersonate users or launch new processes. The document explores techniques for stealing the SYSTEM access token as well as finding alternative processes besides winlogon.exe that can be used. It determines that processes with certain security permissions on their access tokens can be stolen, while others cannot. The key learnings provide insights into Windows security principles and how access token theft can enable privilege escalation.
Attacking thru HTTP Host header
This document discusses exploiting vulnerabilities related to HTTP host header tampering. It notes that tampering with the host header can lead to issues like password reset poisoning, cache poisoning, and cross-site scripting. It provides examples of how normal host header usage can be tampered with, including by spoofing the header to direct traffic to malicious sites. The document also lists some potential victims of host header attacks, like Drupal, Django and Joomla, and recommends developers check settings to restrict allowed hosts. It proposes methods for bruteforcing subdomains and host headers to find vulnerabilities.
64 Methods for Mimikatz Execution
Some way for run mimikatz with obfuscation and defense evasion methods
Collection:
https://redteamrecipe.com/64-Methods-For-Execute-Mimikatz/
Server-side template injection- Slides
This document discusses server-side template injection (SSTI), including an introduction to template engines, examples of commonly used template engines like Twig and Jinja2, how SSTI works by allowing user input to be embedded in templates in an unsafe manner, ways to detect and identify SSTI vulnerabilities, exploiting SSTI to read files or execute code, automated tools like Tplmap that can assist in SSTI exploitation, mitigations like input sanitization, and references and case studies.
Thick client pentesting_the-hackers_meetup_version1.0pptx
The document discusses pentesting thick client applications. It begins with introducing thick clients and why testing them is important. It then covers common thick client architectures, vulnerabilities, tools used for testing like decompilers and network sniffers, challenges like intercepting encrypted traffic, and solutions to those challenges like using Burp's non-HTTP proxy. It ends with checklists, example applications to practice on, and references for further reading.
CICD using jenkins and Nomad
Things like Infrastructure as Code, Service Discovery and Config Management can and have helped us to quickly build and rebuild infrastructure but we haven't nearly spend enough time to train our self to review, monitor and respond to outages. Does our platform degrade in a graceful way or what does a high cpu load really mean? What can we learn from level 1 outages to be able to run our platforms more reliably.
This talk will focus on on setting up a CICD pipeline using Jenkins. We start by configuring Jenkins to use our Nomad platform to autoscale job runners. After which we ll look at using the newly released nomad-pack tool to convert, deploy and test and existing nomad job.
Red Team Methodology - A Naked Look
The document provides an overview of a red team consultant's methodology for penetration testing engagements. It discusses various stages of an engagement including pre-engagement reconnaissance using tools like LinkedIn and domain research. It covers external testing techniques like NTLM brute forcing. Internal testing focuses on privileges escalation using tools like Mimikatz and movement using techniques like DLL hijacking. Reporting emphasizes providing a full narrative and findings of high quality over large quantities.
Build RESTful API Using Express JS
Learn how to build RESTful API using Node JS with Express Js Framework. Database used is Mongo DB (Mongoose Library). Learn Step by step what is Node JS, Express, API and Mongo DB. Explain and sample code step to build RESTful API
Dvwa low level
This document provides an overview of common web vulnerabilities and techniques for exploiting them using a vulnerable web application called DVWA (Damn Vulnerable Web Application). It discusses low-level vulnerabilities like brute force attacks, command injection, CSRF, file inclusion and SQL injection. It then goes into more detail on different SQL injection techniques like concatenation, error-based detection, union queries, retrieving data from tables. It also covers blind SQL injection, file uploads, and both reflected and stored cross-site scripting vulnerabilities. The document appears to be an introduction or guide to using DVWA to learn about hacking web applications.
A Case Study in Attacking KeePass
This document summarizes techniques for attacking the KeePass password manager program. It provides an overview of KeePass, discusses existing work like KeeFarce that exports unlocked databases, and introduces the author's tool KeeThief which extracts decryption keys from memory. The document also explores using KeePass' trigger system to automatically exfiltrate databases when they are opened or passwords copied. Mitigations like monitoring for suspicious processes interacting with KeePass are suggested.
Tendances (20)
Hunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows Environment
From Zero to Spring Boot Hero with GitHub Codespaces
From Zero to Spring Boot Hero with GitHub Codespaces
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active Directory
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptx
Similaire à LDAP Injection
Drupal Security Hardening
All about web application security and common threats and how to counter measure these threats
The content of this presentation was derived from several notable Drupal SA team like Greg Knaddison, Khalid Baheyeldin, Heine Deelstra, and Dave Reid.
Special thanks to Greg's book "Cracking Drupal: A Drop in the Bucket".
Drupal Security Hardening
This document discusses securing Drupal websites. It covers common Drupal attacks like XSS and SQL injection and recommends countermeasures like keeping software updated, following coding standards, sanitizing user input, and penetration testing. The document also provides an overview of securing the web server, PHP, and the Drupal codebase through permissions, input validation, and file uploads.
Application and Website Security -- Fundamental Edition
The document provides an agenda for a course on application and website security. The agenda covers common input validation flaws like SQL injection and cross-site scripting, access control flaws like session hijacking, encryption flaws, security tools, and concludes with additional resources for further information. The document uses examples to demonstrate various security vulnerabilities and how they can be exploited.
Coding Security: Code Mania 101
The document discusses several coding security practices for developing secure software, including input validation, output handling, parameterizing queries, identity and authentication controls, and access controls. It provides examples and recommendations for implementing each practice to prevent common vulnerabilities like injection and data tampering. The goal is to integrate security at the code level from the beginning to reduce risks.
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
LDAP Synchronizarion Connector presentation, and how synchronize OpenLDAP and Active Directory with it.
Secure Programming
In this presentation, we try to teach programmers how to avoid security flaws in the code.
The presentation is of the format of problem->solution->problem....
Given a piece of code the attendees have to identify the security bugs in it and the suggest a fix. Now, the attendees have to find security bugs in the fix. The exercise goes on and the attendees become secure code aware.
-- KnowBigData.com
Fantastic Red Team Attacks and How to Find Them
Presented at Black Hat 2019
https://www.blackhat.com/us-19/briefings/schedule/index.html#fantastic-red-team-attacks-and-how-to-find-them-16540
Casey Smith (Red Canary)
Ross Wolf (Endgame)
bit.ly/fantastic19
Abstract:
Red team testing in organizations over the last year has shown a dramatic increase in detections mapped to MITRE ATT&CK™ across Windows, Linux and macOS. However, many organizations continue to miss several key techniques that, unsurprisingly, often blend in with day-to-day user operations. One example includes Trusted Developer Utilities which can be readily available on standard user endpoints, not just developer workstations, and such applications allow for code execution. Also, XSL Script processing can be used as an attack vector as there are a number of trusted utilities that can consume and execute scripts via XSL. And finally, in addition to these techniques, trusted .NET default binaries are known to allow unauthorized execution as well, these include tools like InstallUtil, Regsvcs and AddInProcess. Specific techniques, coupled with procedural difficulties within a team, such as alert fatigue and lack of understanding with environmental norms, make reliable detection of these events near impossible.
This talk summarizes prevalent and ongoing gaps across organizations uncovered by testing their defenses against a broad spectrum of attacks via Atomic Red Team. Many of these adversary behaviors are not atomic, but span multiple events in an event stream that may be arbitrarily and inconsistently separated in time by nuisance events.
Additionally, we introduce and demonstrate the open-sourced Event Query Language for creating high signal-to-noise analytics that close these prevalent behavioral gaps. EQL is event agnostic and can be used to craft analytics that readily link evidence across long sequences of log data. In a live demonstration, we showcase powerful but easy to craft analytics that catch adversarial behavior most commonly missed in organizations today.
Web Security 101
This talk walks through the basics of web security without focussing too much on the particular tools that you choose. The concepts are universal, although most examples will be in Perl. We'll also look at various attack vectors (SQL Injection, XSS, CSRF, and more) and see how you can avoid them. Whether you're an experienced web developer (we all need reminding) or just starting out, this talk can help avoid being the next easy harvest of The Bad Guys.
Prevention of SQL Injection Attack in Web Application with Host Language
This document discusses SQL injection attacks and methods to prevent them when building web applications. It begins by defining SQL injection attacks and describing common types like tautology, union queries, and blind injection. It then presents approaches to prevent SQL injection using host languages like PHP and Java. These include prepared statements, escaping strings, and stripping tags when handling user inputs in PHP. For Java, it recommends prepared statements to protect against attackers modifying queries. The key message is that input validation and using features like prepared statements in PHP and Java can help secure databases and prevent unauthorized access during SQL queries.
Security threat analysis points for enterprise with oss
The document provides an overview of using Elastic Stack to analyze security threats through log data. It discusses collecting logs from various systems like Windows event logs, Linux audit logs, proxy logs, and correlating the logs. It emphasizes the importance of visualizing log data through graphs to detect anomalies and targeted external threats on servers as well as potential internal threats and information leaks. Winlogbeat and Filebeat modules make it easier to collect and parse logs without needing to modify them. Timeline and worksheets can also help identify misconduct by correlating logins with work hours.
Ldap introduction (eng)
This document provides an overview of LDAP (Lightweight Directory Access Protocol). It discusses what directory services are, the need for LDAP to centralize user information, and some key LDAP concepts like its data model, schemas, and LDIF format. It also covers setting up an OpenLDAP server, including configuration, indexing, access control, and integration with other LDAP tools and applications.
Ldap 121020013604-phpapp01
This document provides an overview of LDAP (Lightweight Directory Access Protocol). It discusses directory services and the need for LDAP, provides an introduction to LDAP including its benefits and basics, and covers setting up and tuning OpenLDAP as well as other LDAP tools and applications.
Neoito — Secure coding practices
Secure coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities. Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment.
Session by: Akash S Prakash
Complete open source IAM solution
Talk about a complete open source IAM solution that includes LDAP directory server, Access Management and especially the enterprise-scale Identity Management system. The presentation also includes motivation why LDAP server alone is not enough.
Thanks to Katka Valalikova for delivering a OpenLDAP + Evolveum midPoint demo during the talk.
LDAPcon 2015, Edinburgh.
Secure Code Review 101
Secure code review is probably the most effective technique to identify security bugs early in the system development lifecycle.
When used together with automated and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort. This presentation explain how can we start secure code review effectively.
Slickdemo
This document provides an overview of Slick, a library for Scala that facilitates database access and querying. It discusses key Slick concepts like the lifted and direct query APIs, supported databases, and features like being easy, concise, safe, composable and explicit. It also covers topics like database schemas, queries for data definition, manipulation, filtering, sorting, joins and unions. Live code examples are provided throughout to demonstrate how to connect to a database, define schemas, and write various query types in Slick.
[CONFidence 2016] Andrey Plastunov - Simple bugs to pwn the devs
The talk will be about modern development infrastructure from an attacker's perspective. As all we know, developers is rulers of the software world. Therefore, the one who can gain control of development infrastructure can control software thus can control its users.
In the talk, we’ll cover a number of attack scenarios on the infrastructure (including repos, CI tools, bug trackers etc.) using simple (or sometimes not so simple) security bugs. Also, we'll list the most valuable targets inside development environment.
DevBeat 2013 - Developer-first Security
The document discusses how to integrate security into the software development process. It recommends treating security as part of design from the beginning through activities like threat modeling, rather than as an afterthought. It provides examples of common vulnerabilities and mitigations that can be implemented at the requirements, design, code, and testing phases like input validation, output escaping, and static analysis. The document advocates finding and fixing issues earlier and communicating regularly with security experts.
LDAP Injection & Blind LDAP Injection
The document discusses LDAP injection attacks and techniques for exploiting vulnerabilities in LDAP directory services. It describes how LDAP injections work similarly to SQL injections by manipulating LDAP query parameters. This allows attackers to alter queries and access unauthorized data. The document outlines different types of LDAP injections, such as AND, OR, and blind injections. It also discusses techniques for discovering directory information through data booleanization and charset reduction when only true/false responses are available. Finally, it recommends input filtering and limiting query syntax to help prevent LDAP injections.
Keystone deep dive 1
The document summarizes an OpenStack Keystone meetup presentation on identity services. It introduces key concepts of Keystone like actors, credentials, tokens, roles, projects and domains. It covers the Keystone architecture and configuration file. Demos were presented on creating entities in DevStack and integrating Keystone with an IPA/LDAP backend. The presentation concludes with references and information on getting involved in the Keystone community.
Similaire à LDAP Injection (20)
Application and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental Edition
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
Prevention of SQL Injection Attack in Web Application with Host Language
Prevention of SQL Injection Attack in Web Application with Host Language
Security threat analysis points for enterprise with oss
Security threat analysis points for enterprise with oss
[CONFidence 2016] Andrey Plastunov - Simple bugs to pwn the devs
[CONFidence 2016] Andrey Plastunov - Simple bugs to pwn the devs
Plus de NSConclave
RED-TEAM_Conclave
An APT29 simulation was conducted using the MITRE ATT&CK framework involving 3 virtual machines - an attacker system, domain controller, and 2 Windows workstations. The simulation began with generating a PowerShell payload using Pupy and delivering it to a workstation by disguising it as a document file. Once executed, the payload established a command and control connection back to the attacker, initiating the first stage of the simulated APT29 intrusion.
Create a Custom Plugin in Burp Suite using the Extension
This document discusses creating a custom plugin in Burp Suite using the extension framework. It provides advantages of using the extension, requirements, an overview of implementing request and response functions on the server, server helper functions, and a demo of creating a custom plugin that decrypts and encrypts requests and responses for a bank web application. The presentation agenda includes an introduction, block diagram, requirements, running the server, request and response functions, server helper functions, and a demo.
IOT SECURITY ASSESSMENT Pentester's Approach
This document discusses the pentester's approach to assessing the security of an IoT device. It outlines various attack surfaces at the hardware, software, and communication levels. The pentester's process involves understanding the device architecture, extracting and analyzing the firmware to obtain sensitive information like passwords, getting into the device's network, analyzing its communication protocol, duplicating requests to control the device remotely. Specific hardware hacking techniques are described like identifying communication points to dump the firmware directly from memory chips or by desoldering and reading the chip's contents.
Debugging Android Native Library
These slides were used to explain the concepts such as android's native
library, NDK and JNI using which demonstration of native library
debugging at runtime was presented in #NSConclave2023.
Log Analysis
Logs are one of the most valuable assets when it comes to IT system management and monitoring. As they record every action that took place on your network, logs provide the insight you need to spot issues that might impact performance, compliance, and security.
Regular Expression Injection
Regular Expression Injection occurs when an attacker supplies malicious input that modifies the intended regular expression in a way that breaks the program's specifications. This can impact control flow, leak information, or cause denial-of-service vulnerabilities. The document discusses regular expressions, how to find regular expression injection issues through error-based or blind injection techniques, demonstrates an example exploit, and provides mitigation strategies like input validation before using regular expressions and killing expressions that take too long.
HTML5 Messaging (Post Message)
This document discusses HTML5 postMessage and cross-origin messaging. It begins with an overview of postMessage, how it works, and how it can be exploited in cross-site scripting attacks. It then explains how the same-origin policy impacts postMessage and provides examples of same-origin violations. The document emphasizes that to prevent XSS, the postMessage origin must be correctly checked. It includes code demos and references to illustrate postMessage workings, attacks, and proper origin validation.
Node.js Deserialization
This document discusses node.js deserialization and exploitation examples. It provides an overview of node.js as server-side JavaScript. Deserialization is converting an object from a byte stream back into memory. The document demonstrates two exploitation examples, the first using an unprotected API and the second targeting node.js deserialization. It recommends input sanitization and blocking/replacing methods as remediation techniques.
RIA Cross Domain Policy
This document discusses cross-domain policy and the crossdomain.xml file. It provides examples of how a misconfigured crossdomain.xml file that allows access from any domain using a wildcard could be exploited to gather sensitive user information or perform unauthorized actions. The vulnerability can be remediated by hardcoding allowed domains instead of using a wildcard and implementing cross-site request forgery prevention.
Python Deserialization Attacks
Learn how Deserialization tends to vulnerability and which python modules are vulnerable to deserialization attacks.
Sandboxing
Sandboxing involves running malware in an isolated environment to analyze its behavior without exposing other systems. Cuckoo Sandbox is an open source tool that can analyze Windows, macOS, Linux, and Android malware this way. However, sandbox-evading malware can detect it is running in a sandbox and avoid revealing its malicious code until it is outside the sandbox. Such malware uses techniques like detecting user interactions, system characteristics, timing-based approaches, and obfuscating internal data to bypass detection in sandboxing.
NoSql Injection
This document summarizes a presentation on NoSQL injection given by Husseni Muzkkir. The presentation covered the differences between SQL and NoSQL databases, what NoSQL injection is and how it can be used to expose unauthorized information or modify data. It also described a NoSQL lab that was created with possible attack scenarios like authentication bypass, enumeration, data manipulation, and MongoDB injection. The presentation provided examples of insecure coding that could enable these attacks and discussed secure coding practices and a related CVE vulnerability.
Thick Client Testing Advanced
Let's get started with a deep dive into advanced techniques by capturing the request and reversing the application.
Thick Client Testing Basics
Understand the basic difference between the thick and thin client applications and learn the techniques to capture the application traffic.
Markdown
This document discusses effective use of markdown with various online and offline tools. It begins by introducing the author and briefly describing markdown. It then lists several popular online markdown editors like StackEdit, Dillinger, and GitHub. Examples are provided of common markdown syntaxes. The document demonstrates the markdown preview features of offline editors like Sublime Text and Visual Studio Code. It concludes by providing the author's contact information.
Docker 101
This session is a part of the #TechieThursday initiative from Net-Square for the internal team. In this webinar, we discussed several introductory topics including:
The difference between containers and VMs
Defined key Docker terminology that beginners should familiarize themselves with Learned how to get started with docker with a hands-on demo
Security Architecture Consulting - Hiren Shah
In modern age it has become crucial to perform secure architecture review along with regular pentest practice. Application architecture review can be defined as reviewing the current security controls in the application architecture. This helps a user to identify potential security flaws at an early stage and mitigate them before starting the development stage.
OSINT: Open Source Intelligence - Rohan Braganza
Speaker is going to conduct hands-on training on how an individual can use Open-source intelligence (OSINT) to collect data from publicly available sources. Speaker will showcase tools and techniques used in collecting information from the public sources.
https://nsconclave.net-square.com/advanced-reconnaissance-using-OSINT.html
Lets get started with car hacking - Ankit Joshi
This talk is about technology and protocols used in modern cars and attack surfaces in modern cars.
https://nsconclave.net-square.com/car-hacking.html
Advanced Wireless Reconnaissance And Testing - Rohit Jadav
Hands-on Workshop on Wireless Reconnaissance using Open source wireless frequency analyzer. Also covering topics on wireless perimeter security.
https://nsconclave.net-square.com/advance-wireless.html
Plus de NSConclave (20)
Create a Custom Plugin in Burp Suite using the Extension
Create a Custom Plugin in Burp Suite using the Extension
Advanced Wireless Reconnaissance And Testing - Rohit Jadav
Advanced Wireless Reconnaissance And Testing - Rohit Jadav
Dernier
Using Query Store in Azure PostgreSQL to Understand Query Performance
Microsoft has added an excellent new extension in PostgreSQL on their Azure Platform. This session, presented at Posette 2024, covers what Query Store is and the types of information you can get out of it.
socradar-q1-2024-aviation-industry-report.pdf
SOCRadar's Aviation Industry Q1 Incident Report is out now!
The aviation industry has always been a prime target for cybercriminals due to its critical infrastructure and high stakes. In the first quarter of 2024, the sector faced an alarming surge in cybersecurity threats, revealing its vulnerabilities and the relentless sophistication of cyber attackers.
SOCRadar’s Aviation Industry, Quarterly Incident Report, provides an in-depth analysis of these threats, detected and examined through our extensive monitoring of hacker forums, Telegram channels, and dark web platforms.
316895207-SAP-Oil-and-Gas-Downstream-Training.pptx
316895207-SAP-Oil-and-Gas-Downstream-Training.pptx
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
Charla impartida en el evento de "KuberTENes Birthday Bash Guadalajara" para celebrar el 10mo. aniversario de Kubernetes #kuberTENes #celebr8k8s #k8s
Energy consumption of Database Management - Florina Jonuzi
Presentation from Florina Jonuzi at the GSD Community Stage Meetup on June 06, 2024
Mobile App Development Company In Noida | Drona Infotech
Drona Infotech is a premier mobile app development company in Noida, providing cutting-edge solutions for businesses.
Visit Us For : https://www.dronainfotech.com/mobile-application-development/
zOS Mainframe JES2-JES3 JCL-JECL Differences
Document which explains the difference between Jes2 and Jes3
一比一原版(USF毕业证)旧金山大学毕业证如何办理
USF硕士毕业证成绩单【微信95270640】一比一伪造旧金山大学文凭@假冒USF毕业证成绩单+Q微信95270640办理USF学位证书@仿造USF毕业文凭证书@购买旧金山大学毕业证成绩单USF真实使馆认证/真实留信认证回国人员证明
#一整套旧金山大学文凭证件办理#—包含旧金山大学旧金山大学本科毕业证成绩单学历认证|使馆认证|归国人员证明|教育部认证|留信网认证永远存档教育部学历学位认证查询办理国外文凭国外学历学位认证#我们提供全套办理服务。
一整套留学文凭证件服务:
一:旧金山大学旧金山大学本科毕业证成绩单毕业证 #成绩单等全套材料从防伪到印刷水印底纹到钢印烫金
二:真实使馆认证(留学人员回国证明)使馆存档
三:真实教育部认证教育部存档教育部留服网站永久可查
四:留信认证留学生信息网站永久可查
国外毕业证学位证成绩单办理方法:
1客户提供办理旧金山大学旧金山大学本科毕业证成绩单信息:姓名生日专业学位毕业时间等(如信息不确定可以咨询顾问:我们有专业老师帮你查询);
2开始安排制作毕业证成绩单电子图;
3毕业证成绩单电子版做好以后发送给您确认;
4毕业证成绩单电子版您确认信息无误之后安排制作成品;
5成品做好拍照或者视频给您确认;
6快递给客户(国内顺丰国外DHLUPS等快读邮寄)。
教育部文凭学历认证认证的用途:
如果您计划在国内发展那么办理国内教育部认证是必不可少的。事业性用人单位如银行国企公务员在您应聘时都会需要您提供这个认证。其他私营 #外企企业无需提供!办理教育部认证所需资料众多且烦琐所有材料您都必须提供原件我们凭借丰富的经验帮您快速整合材料让您少走弯路。
实体公司专业为您服务如有需要请联系我: 微信95270640奈一次次令他失望山娃今年岁上五年级识得很多字从走出小屋开始山娃就知道父亲的家和工地共有一个很动听的名字——天河工地的底层空空荡荡很宽阔很凉爽在地上铺上报纸和水泥袋父亲和工人们中午全睡在地上地面坑坑洼洼山娃曾多次绊倒过也曾有长铁钉穿透凉鞋刺在脚板上但山娃不怕工地上也常有五六个从乡下来的小学生他们的父母亲也是高楼上的建筑工人小伙伴来自不同省份都操着带有浓重口音的普通话可不知为啥山娃不仅很快与他们熟识了
GreenCode-A-VSCode-Plugin--Dario-Jurisic
Presentation about a VSCode plugin from Dario Jurisic at the GSD Community Stage meetup
WWDC 2024 Keynote Review: For CocoaCoders Austin
Overview of WWDC 2024 Keynote Address.
Covers: Apple Intelligence, iOS18, macOS Sequoia, iPadOS, watchOS, visionOS, and Apple TV+.
Understandable dialogue on Apple TV+
On-device app controlling AI.
Access to ChatGPT with a guest appearance by Chief Data Thief Sam Altman!
App Locking! iPhone Mirroring! And a Calculator!!
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
Presented at NLJUG's J-Spring 2024.
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers. This video you can watch from my youtube channel at https://youtu.be/m-F-mZA3MkU
Top 9 Trends in Cybersecurity for 2024.pptx
Security and risk management (SRM) leaders face disruptions on technological, organizational, and human fronts. Preparation and pragmatic execution are key for dealing with these disruptions and providing the right cybersecurity program.
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
Regarding mobile operating systems, two major players dominate our thoughts: Android and iPhone. With Android leading the market, software development companies are focused on delivering apps compatible with this OS. Ensuring an app's functionality across various Android devices, OS versions, and hardware specifications is critical, making Android app testing essential.
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
原版一模一样【微信:741003700 】【加拿大英属哥伦比亚大学毕业证本科学位证书】【微信:741003700 】学位证,留信认证(真实可查,永久存档)offer、雅思、外壳等材料/诚信可靠,可直接看成品样本,帮您解决无法毕业带来的各种难题!外壳,原版制作,诚信可靠,可直接看成品样本。行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题,包您满意。
本公司拥有海外各大学样板无数,能完美还原海外各大学 Bachelor Diploma degree, Master Degree Diploma
1:1完美还原海外各大学毕业材料上的工艺:水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
UI5con 2024 - Bring Your Own Design System
How do you combine the OpenUI5/SAPUI5 programming model with a design system that makes its controls available as Web Components? Since OpenUI5/SAPUI5 1.120, the framework supports the integration of any Web Components. This makes it possible, for example, to natively embed own Web Components of your design system which are created with Stencil. The integration embeds the Web Components in a way that they can be used naturally in XMLViews, like with standard UI5 controls, and can be bound with data binding. Learn how you can also make use of the Web Components base class in OpenUI5/SAPUI5 to also integrate your Web Components and get inspired by the solution to generate a custom UI5 library providing the Web Components control wrappers for the native ones.
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
Hand Rolled Applicative
User Validation
Code Kata
Could you use a simple piece of Scala validation code (granted, a very simplistic one too!) that you can rewrite, now and again, to refresh your basic understanding of Applicative operators <*>, <*, *>?
The goal is not to write perfect code showcasing validation, but rather, to provide a small, rough-and ready exercise to reinforce your muscle-memory.
Despite its grandiose-sounding title, this deck consists of just three slides showing the Scala 3 code to be rewritten whenever the details of the operators begin to fade away.
The code is my rough and ready translation of a Haskell user-validation program found in a book called Finding Success (and Failure) in Haskell - Fall in love with applicative functors.
Unveiling the Advantages of Agile Software Development.pdf
Learn about Agile Software Development's advantages. Simplify your workflow to spur quicker innovation. Jump right in! We have also discussed the advantages.
Dernier (20)
Using Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query Performance
316895207-SAP-Oil-and-Gas-Downstream-Training.pptx
316895207-SAP-Oil-and-Gas-Downstream-Training.pptx
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
LDAP Injection
- 1. LDAP Injection Swapnil Jain Date: 28 April 2020
- 2. #Who Am I ● Security Analyst ● Twitter @swapnil_jn
- 3. Overview ● LDAP Injection ● Authentication Bypass ● Demo ● Impact ● Securing Applications against LDAP Injection
- 4. LDAP Injection The Lightweight Directory Access Protocol(LDAP) is used to store information about users hosts, and many other objects. LDAP injection is a type of attack on a web application where attackers place code in a user input field in an attempt to gain unauthorized access or information.
- 5. Basic LDAP Syntax Common Operators: ● “=” (equal to) ● & (logical and) ● | (logical or) ● ! (logical not) ● * (wildcard) Filter: ● (cn=sam) ● (cn=s*) ● (|(cn=s*)(cn=t*)) ● (&(cn=s*)(sn=*d))
- 6. Normal Working (&(cn=admin)(passwd=secret)) LDAP Server Admin authenticated
- 7. Authentication Bypass Username: admin)(&)), Password: ignored Web Server LDAP Server Directory Search AdminSet Cookie: PHPSESSIONID=admin
- 8. Test Case ● <input type="text" size=20 name="name">Enter the Username to search for</input> ● Searchfilter="(cn="+name+")" admin)(|(password=*) (cn=admin)(|(password=*) )
- 9. Authentication Bypass (Normal Request)
- 10. Payload Creation Original Request : http://10.90.100.50/ldap_lab/ldap/example2.php?name=hacker&password =hacker Payload : name=hacker)(cn=*))%00 Changed request: http://10.90.100.50/ldap_lab/ldap/example2.php?name=hacker)(cn=*))%0 0&password=hacker
- 14. Impact ● Authentication bypass ● Privilege escalation ● Information disclosure
- 15. Countermeasures ● LDAP special characters are safely escaped, including at least ( ) ! | & * ● Use Frameworks that Automatically Protect from LDAP Injection ○ LINQ to Active Directory provides LDAP encoding when building LDAP queries. ● Least privilege
- 17. Thank You