Nikto

Attacking a website is not a straightforward process where you start randomly typing and suddenly have access to the system. Before exploiting a vulnerability, you have to actually find the vulnerability. The first part of attacking a system is information gathering. There are a lot of excellent tools out there for information gathering like Maltego or Nmap. Even a simple Google search can give you lots of useful information. After compiling a list of targets to focus on, you can start scanning those targets for vulnerabilities that can potentially be exploited. This is where Nikto comes in.

Read more

Docker RunC Container Escape

Docker containers allow developers to package their application with all of its dependencies and components, into a single package. This way it will run quickly and reliably in many different computing environments. On the surface Docker containers can seem safe, as they isolate an application and its dependencies into a self-contained unit, but in reality, we all know that nothing is truly secure. The same goes for Docker.

Read more

Network Defence and Monitoring With Suricata

Suricata is a real-time threat detection engine that helps protect your network against threats by actively monitoring network traffic and detecting malicious behavior based on written rules. It can operate in a network security monitoring (NSM) mode and can also be configured as an intrusion prevention system (IPS) or intrusion detection system (IDS). The Suricata project is free and open-source. What makes it stand out from its alternatives such as Snort, Zeek and Sagan, is its support for multi-threading, HTTP/TLS logging and other great features out of the box -- making it a great asset to your network defense solutions, whether the goal is to protect a business or home network.

Read more

Linux privilege escalation using Wildcard Injection

Wildcards are symbols which represent other characters. You can use them with any command such as the cat or rm commands to list or remove files matching a given criteria. There are others, but the one that is important to us right now is the * character, which matches any number of characters.

Read more