Yes, I got my Offensive Security’s OSCP done in the 2nd Week of April. I wasn’t able to blog after that as i was busy with projects. I have read too many blogs after everyone gets done with their OSCP, For me things were very different.
While performing a web application penetration testing, at times you are able to find out the web application is running MySQL database through “root” credentials. This is one of the biggest NO of security. In this case we can get a root shell on the machine with just a few commands. Here comes my second cheat sheet so that i do not forget this any more.
I have been very busy with Certifications these days. Yes i have been ignoring this since long, but it was about time to start doing my certifications in Information Security. I am currently doing 2 certs.
1, CEH by EC-Council
I am not the sort of person who gets into theory ( HOPE I CLEAR MY CEH, I WANT 95% MARKS ) . I am more towards the practical side ( OFFENSIVE SECURITY IS NICE). I have been studying hard core for CEH and getting my hands dirty through OSCP , both are very challenging, Really Trying Harder 🙂
I feel that CEH is more demanding for the job market, where-as OSCP is the thing which you get hands-on experience and learn practically through their tough labs.
After i am doing with both of the certifications i would continue with EC-Council and Offensive Security, I would love to start CPTE by Mile2 ( Expecting their call since last 2 months to allow me to give exam)
After i am done with both of these, ill be giving ITIL ( What can i say if job market demands it and i dont want to give CISSP ATM)
And yes i got a new logo made for my blog.
While crawling few websites in search of XSS i was able to find one on Odesk, unfortunately i was unable to report the vulnerability was it is not on odesk.com , the security bug report program is being run by bugcrowd.com.
Any how i have emailed them about this vulnerability, as soon as i get a Positive reply i will post the vulnerability. It has been almost a month now, lets see how how they take to reply.
# Exploit Title: VLD Personals – Cross Site Scripting ( Reflective ) with admin authentication.
# Notified VLD Personals Date: 02/FEB/2015
# Exploit Author: Mr T
# Exploit Authors Website: http://www.securitypentester.ninja
# Vendor Homepage: http://www.vldpersonals.com/
# Software Link: http://www.vldpersonals.com/clients/downloads.php
# Vulnerable Version: 2.7.1
# Fixed Version 2.7.2
# Tested on: Windows / Linux
Adobe released a security update for its Flash Player software as it is being actively exploited in the wild. This latest exploit is packed in Angler Exploit kit (also known as Angler EK) being used by malicious hackers for exploiting flash player, in the past this exploit pack was packed with Sliverlight exploit.
In my everyday malware reverse engineering experience i come across multiple websites injections by malware, these malware are very much unique and cannot be found easily using search strings . Recently i was given a task to clean malware from a infected website. The website was using the very famous wordpress cms, when i search the internet i found multiple exploits which can be used to upload a backdoor into any website which is vulnerable due to outdated Slider plugin.
Every website needs to be trusted by its users for it to be successful. Growing concerns about fake sites, viruses, and identity theft has made consumers reluctant to do business online or post their information on websites that have not followed any security measures.
Malware is not going away any time soon. Malware is growing, developing and constantly evolving. It is becoming more difficult to detect, and even harder to remove. Your computer is constantly at risk from infection by malware in the form of viruses, worms, trojans, rootkits, dialers and spyware.