Praetorian Security Blog

When you're constantly advancing your industry and helping secure today's leading organizations, people notice. Explore our cutting-edge information security news and research.

Cloud Security Best Practices for Amazon Web Services (AWS)

Posted on Thursday, October 02, 2014 by Romulo Salazar

Over the last 18 months, we have seen more and more of our clients turn to IaaS (Infrastructure-as-a-Service) providers to support their enterprise infrastructure needs. While there are obvious benefits to utilizing these types of services, such as reducing the complexity associated with managing an enterprise infrastructure, moving to the cloud can also introduce new security concerns. Most often these concerns arise as a result of misconfigured cloud instances.


CRITICAL: Bash “Shellshock” Vulnerability

Posted on Friday, September 26, 2014 by Paul Jauregui

On September 24, 2014, a vulnerability in Bash—now referred to as the ‘Shellshock’ bug—was publicly announced after its discovery last week by Stephane Chazelas. Security experts expect the Shellshock bug to have significant and widespread impact, potentially more devastating than Heartbleed.


Building the HashCat API in Ruby to Crack Passwords in the Cloud

Posted on Tuesday, September 23, 2014 by Coleton Pierson

Have you ever had an amazing idea for automating two or more pieces of technology and then realized one of them doesn't have an API? I came across this problem more than once during the development of a couple of projects here at Praetorian. In this post, I'll share some of the libraries and techniques I have used to build out APIs for CLI programs, such as HashCat and nmap. Hopefully, these techniques and libraries will be helpful to you when building out new web applications and frameworks.


Why You Should Add Joern to Your Source Code Audit Toolkit

Posted on Tuesday, September 09, 2014 by Kelby Ludwig

Joern is a static analysis tool for C / C++ code. It builds a graph that models syntax. The graphs are built out using Joern’s fuzzy parser. The fuzzy parser allows Joern to parse code that is not necessarily in a working state (i.e., does not have to compile). Joern builds this graph with multiple useful properties that allow users to define meaningful traversals. These traversals can be used to identify potentially vulnerable code with a low false-positive rate.


Using Developer Debugging Tools to Pentest Mobile Applications

Posted on Thursday, August 28, 2014 by Anthony Marquez

During a recent assessment, I was pentesting a hybrid mobile application that is a companion to a web application. The applications allow users to collaborate while creating new interactive digital content. Through the web interface, content creators are allowed to upload a wide range of files, including HTML files, and share the content with other individuals in their organization. Thus, any user with proper permissions is able to view and edit shared content.


Man-in-the-Middle TLS Protocol Downgrade Attack

Posted on Tuesday, August 19, 2014 by Hayden Blauzvern

A flaw was recently found in OpenSSL that allowed an attacker to negotiate a lower version of TLS between the client and server (CVE-2014-3511). While this vulnerability was quickly patched, an attacker that has control of your traffic can still simulate this attack today. Let’s explore how this is possible by looking at man-in-the-middle attacks and how browsers handle SSL/TLS connections. In addition, we will see the implications of the attack on cryptographic security.


PHP-CGI Remote Command Execution Vulnerability Exploitation

Posted on Tuesday, August 12, 2014 by Josh Abraham

During a recent penetration test, our team found a few web servers that were vulnerable to a PHP-CGI query string parameter vulnerability (CVE-2012-1823). This vulnerability allows an attacker to execute commands without authentication, under the privileges of the web server. The target environment had very strong egress controls in place. All outbound ports were blocked and only ports 80 and 443 were allowed inbound. This made it difficult to obtain an interactive shell. Therefore, we decided to build a proof of concept exploit script using cURL to execute commands and then take it to the next level by authoring a new Metasploit Module.


The Top 5 Most-anticipated Talks at Black Hat USA 2014

Posted on Wednesday, July 30, 2014 by Kelby Ludwig

Another year, another Black Hat. The massive security conference in Las Vegas draws the best hackers from around the world to speak about what they do best—breaking everything. Black Hat USA is a major attraction for the InfoSec community and certainly one of the big events the Praetorian team anticipates each year. To unleash some of our pent-up excitement, we are sharing our countdown for the top five most-anticipated talks at Black Hat USA 2014.


MAC Cryptographic Errors and Vulnerabilities in SSO Authentication

Posted on Friday, July 25, 2014 by Anthony Weems

In-house crypto is often a goldmine of cryptographic errors and vulnerabilities. In this post, I'll describe one of the glaring errors discovered in an online customer support and help desk solution we were considering for use in Praetorian's cloud-based password cracking service, Project Mars. Hopefully, this can serve as a warning to anyone thinking about writing his or her own crypto libraries.


CRITICAL: New Internet Explorer Zero-day Vulnerability

Posted on Sunday, April 27, 2014 by Paul Jauregui

Only a few weeks after Heartbleed took the Internet by storm, reports of another serious zero-day vulnerability are starting to circulate within the security community. Over the weekend Microsoft released Security Advisory 2963983, which details a new remote code execution vulnerability impacting ALL versions of Internet Explorer (IE6-IE11). Microsoft is aware of “limited, targeted attacks that attempt to exploit the vulnerability.” The company is currently investigating public reports of the vulnerability and has yet to publish details under the reserved CVE-2014-1776, but there are steps organizations can take to protect against this threat.
