Skip to main content

Search form

  • USA

    Choose Your Destination

    Union FlagUK
    Drapeau françaisFR
    Schwarz-Rot-GoldDE
    Bandeira Verde-RubraPT
    Bandera de EspañaES
    Marine Geus or PrinsengeusNL
    Bandiera d'ItaliaIT
    Bandeira do BrasilBR
    Stars and StripesUSA
    Flag of SwitzerlandCH
  • Contact
Claranet Cyber Security
  • Testing
    • Penetration testing
    • Continuous Security Testing
    • Red team exercises
  • Training
    • Our training roadmap
      • Black Hat
      • Hacking 101
      • The Art of Hacking
      • Web hacking training
      • Infrastructure hacking training
      • Advanced web hacking training
      • Advanced infrastructure hacking training
      • Hacking cloud infrastructure training
      • DevSecOps training
      • AppSec training for developers
    • About our training
    • Attend from Anywhere
  • Protect and detect
    • Application security
    • Managed detection and response
  • Events
  • Blogs & Insights
  • About
    • Claranet facts
    • NotSoSecure and Claranet
    • Accreditations
  • Testing
    • Penetration testing
    • Continuous Security Testing
    • Red team exercises
  • Training
    • Our training roadmap
      • Black Hat
      • Hacking 101
      • The Art of Hacking
      • Web hacking training
      • Infrastructure hacking training
      • Advanced web hacking training
      • Advanced infrastructure hacking training
      • Hacking cloud infrastructure training
      • DevSecOps training
      • AppSec training for developers
    • About our training
    • Attend from Anywhere
  • Protect and detect
    • Application security
    • Managed detection and response
  • Events
  • Blogs & Insights
  • About
    • Claranet facts
    • NotSoSecure and Claranet
    • Accreditations
  • USA
  • Contact
  • Home
  • >
  • All
  • >
  • Technical Blog
    • All
    • Technical Blog
    • Security Insights

    Security Architecture Review Of A Cloud Native Environment

    Overview Due to its massive adoption, cloud computing has become a critical component for every enterprise. A large number of organisations want to migrate to the cloud, however, its security posture is still a blind spot for everyone. Nevertheless, we have seen a big rise in the number of requests to check the security posture of cloud infrastructure deployments.

    Blog

    Flutter based Mac OSX Thick Client SSL Pinning Bypass

    During one of our recent thick client application penetration tests, Sanjay encountered a scenario where the application was built on top of a Flutter framework and had an SSL pinning check in one of the embedded libraries. Due to this check, the application provided an SSL pinning error when it was configured using Burp.

    Blog

    NotSoSecure @ HackerSummerCamp 2019

    With each passing year NotSoSecure presence becomes bigger and better at Hacker summercamp. This year @ hackersummercamp 2019 we were present in multiple capacities and performed multiple duties. Here is an outline of what we did this summer

    Blog

    The Anatomy Of A Cloud Hack

    This session explores Cloud Security Breaches, and how available reconnaissance techniques and tools are leveraged by unethical hackers to successfully uncover vulnerabilities. Learn how cloud security differs from conventional security and how to utilize cloud services to perform continuous monitoring and defence.

    Blog

    Application Security For Developers

    Blog

    Secrets Management using Hashicorp Vault Webinar for Nullcon

    Rohit Salecha is a technology enthusiast who loves to dive deep into the world of technology. His current expertise revolves around finding interesting bugs in Web Applications and also loves doing Android and iOS app security assessments.

    Blog

    Automating Pentests for Applications with Integrity Checks using Burp Suite Custom Extension

    During one of our recent web application penetration testing assignments, @realsanjay encountered a scenario where the application employed an integrity check on HTTP request content. The integrity check was maintained using a custom HTTP header that stored the HMAC of HTTP request content based on session-specific CSRF tokens. Any modification in the HTTP request would result in a “499 Unknown” HTTP error response.

    Blog

    Exploiting VLAN Double Tagging

    We have all heard about VLAN double tagging attacks for a long time now. There have been many references and even a single packet proof of concept for VLAN double tagging attack but none of them showcase a weaponized attack.

    Blog

    Continuous Security Monitoring using ModSecurity & ELK

    Recently, NotSoSecure got an opportunity to explore the working of monitoring and alerting systems as a part of a project. In this blog post, Anand Tiwari will talk about his experience and challenges faced while setting up one such monitoring and alerting system.

    Blog

    Semgrep A Practical Introduction

    Static Application Security Testing or SAST is a testing methodology that analyses application source code to identify security vulnerabilities (such as, but not limited to, the Injection vulnerabilities, any Insecure Functions, Cryptographic Weaknesses and more). Typically, SAST includes both manual and automated testing techniques which complement each other.

    Blog

    Cloud Services Enumeration - AWS, Azure and GCP

    TL;DR: We have built cloud enumeration scripts now available @ https://github.com/NotSoSecure/cloud-service-enum/. This script allows pentesters to validate which cloud tokens (API keys, OAuth tokens and more) can access which cloud service.

    Blog

    Identifying & Exploiting Leaked Azure Storage Keys

    In this blog, Sunil Yadav, our lead trainer for “Advanced Web Hacking” training class, will discuss a case study of Remote code execution via Azure Storage when the Azure Function deployment is configured to run from Storage Account using WEBSITE_CONTENTSHARE app setting.

    Blog

    Achieving DevSecOps using AWS Cloud Native Services

    In our previous article Achieving DevSecOps using Open-Source Tools we explored what “DevSecOps” really meant and how that can be achieved using simple Open-Source tools integrated into an existing DevOps pipeline orchestrated with Jenkins and deployed on docker in an ad hoc on-premises architecture. In this article Rohit Salecha and Anand Tiwari explain how DevSecOps can be achieved for an environment which is completely operated on AWS and their native offerings.

    Blog

    Exploiting ViewState Deserialization using Blacklist3r and YSoSerial.Net

    In this blog post, Sanjay talks of various test cases to exploit ASP.NET ViewState deserialization using Blacklist3r and YSoSerial.Net. Blacklist3r is used to identify the use of pre-shared (pre-published) keys in the application for encryption and decryption of forms authentication cookie, ViewState, etc. We discussed an interesting case of pre-published Machine keys, leading to an authentication bypass. Read more How to obtain MachineKey? There are multiple ways but not limited to the following to obtain the Machine Key used by a .NET application:

    Blog

    Achieving DevSecOps with Open-Source Tools

    Today, DevOps is enabling organisations to deploy changes to production environments at blazing speeds. A typical DevOps process flow through the following stages.

    Blog

    Exploiting SSRF in AWS Elastic Beanstalk

    In this blog, Sunil Yadav, our lead trainer for "Advanced Web Hacking " training class, will discuss a case study where a Server-Side Request Forgery (SSRF) vulnerability was identified and exploited to gain access to sensitive data such as the source code. Further, the blog discusses the potential areas which could lead to Remote Code Execution (RCE) on the application deployed on AWS Elastic Beanstalk with Continuous Deployment (CD) pipeline.

    Blog

    Hunting the Delegation Access

    Active Directory (AD) delegation is a fascinating subject, and we have previously discussed it in a blog post and later in a webinar. To summarize, Active Directory has a capability to delegate certain rights to non (domain/forest/enterprise) admin users to perform administrative tasks over a specific section of AD.

    Blog

    Project Blacklist3r

    TL;DR The goal of this project is to accumulate the secret keys / secret materials related to various web frameworks, that are publicly available and potentially used by developers. These secrets will be utilized by the Blacklist3r tools to audit the target application and verify the usage of these pre-published keys.

    Blog

    Out of Band Exploitation (OOB) CheatSheet

    Out-Of-Band (OOB) technique provides an attacker with an alternative way to confirm and exploit a vulnerability which is otherwise “blind”. In a blind vulnerability, as an attacker you do not get the output of the vulnerability in the direct response to the vulnerable request. The OOB techniques often require a vulnerable entity to generate an outbound TCP/UDP/ICMP request and that will then allow an attacker to exfiltrate data. The success of an OOB attack is based on the egress firewall rules i.e.

    Blog

    Speak to our experts about your needs today

    Claranet USA

    • Services
      • Testing - We hack
      • Training - We teach
      • Protect and detect - We protect

    Quick Links

    • Events
    • Blogs and insights
    • Privacy policy
    • Legal information
    • Covid-19 Statement

    About us

    • Claranet facts
    • NotSoSecure and Claranet
    • Accreditations

    © Copyright Claranet limited 1996-2022