Scraping entire subdomain lists with Sublist3r-Scrap

As pentesters, we are usually presented with one of two scenarios whenever we are about to perform an assessment: Small defined scopes.Broad scopes with few limitations. Many companies prefer the latter rather than the former, as it presents a better picture of what they are exposing to potential malicious attackers. This is also better known … Continue reading Scraping entire subdomain lists with Sublist3r-Scrap

Web application race conditions: It’s not just for binaries.

How would you feel if you could get free money in your bank account? Race conditions are usually found in binaries, and are rarely something that a pentester thinks whenever they are performing an assessment. The usual bugs that one finds are more like XSSs, SQLis, business flow bypasses, etc. This story however happened during … Continue reading Web application race conditions: It’s not just for binaries.

Debugging the Samsung Android Kernel part 3:

How to enable Serial-over-USB debugging for the Samsung Kernel. In this tutorial, I will be covering how to modify the Samsung DWC3 USB drivers in order to enable polling support, so as to be able to use the ttyGS0 interface on the device and the ttyACM0 interface on the debugging host to finally debug the Android Kernel with KGDB. … Continue reading Debugging the Samsung Android Kernel part 3:

Debugging the Samsung Android Kernel part 2:

Patching a Samsung device with a custom Kernel In my last tutorial, I’ve explained step by step how to compile a custom Samsung Kernel, I highly recommend you go through that guide before you read this one, as it has some important steps on how to prepare your environment. Now, in this guide, I will be … Continue reading Debugging the Samsung Android Kernel part 2:

Debugging the Samsung Android Kernel part 1:

Compiling a custom Samsung Android Kernel, and living to tell the tale. Many security enthusiasts and sysadmins are familiar with the process in which one custom compiles a Linux Kernel and then installs it in our favorite distro. This can have different purposes: Security hardening, feature customization or including debugging symbols, to name a few. However, … Continue reading Debugging the Samsung Android Kernel part 1:

Aggressive password policy: When your security turns against you.

Say you have an application on a pentesting gig. Say that application has a special “Recover your account” routine, which includes authenticating with your personal information, such as your Social Security Number (Or at least the last 4 digits), your account number and your date of birth, instead of the usual “We’ll send a link to your email … Continue reading Aggressive password policy: When your security turns against you.

The Java Soothsayer: A practical application for insecure randomness. (Includes free 0day)

As a pentester is quite usual that for several reasons one might not find as many shiny beautiful critical bugs as one might want to. Some pentests entail just lousy apps wrote by security savvy developers which laugh at our faces as we desperately try to avoid the worst sin a pentester might do: An empty report. … Continue reading The Java Soothsayer: A practical application for insecure randomness. (Includes free 0day)

Breaking the unbreakable voting machine! Bluefrost Ekoparty Stack Overflow Challenge

This is long overdue, but I wanted to do a write up of this challenge, hopefully someone will find it helpful if they find themselves on a similar situation and need a close example. So here it is. For 2017’s EkoParty, Bluefrost Security issued a challenge, a spoof of the very controversial topic of the electronic … Continue reading Breaking the unbreakable voting machine! Bluefrost Ekoparty Stack Overflow Challenge