Prawodawstwo unijne w ostatnich latach jest coraz bardziej aktywne w kwestiach związanych z szeroko pojętym cyberbezpieczeństwem. Komisja Europejska bez wątpienia dostrzega problematykę braku odpowiedniego ogólnego poziomu cyberbezpieczeństwa w państwach członkowskich i aktywnie działa na rzecz poprawy sytuacji. Wystarczy wspomnieć tu o The EU Cybersecurity Act, czy od dawna już obowiązującą dyrektywę NIS (ang. Directive on Security of Network and Information Systems), która weszła w życie w 2016 roku, a na grunt krajowego porządku prawnego została wprowadzona jako Krajowy System Cyberbezpieczeństwa (KSC) w 2018 roku. W tym roku czeka nas również aktualizacja KSC o unijną dyrektywę NIS 2. Odpowiedni projekt ustawy trafił ostatnio do konsultacji publicznych.

We designed and implemented bof-launcher with a portability in mind so running BOFs on Linux ARM-based devices is a snap. Below, we’re running our uname BOF on Raspberry Pi device. For convenience we use our cli4bofs tool to execute BOF directly from command line. So let’s jump to our device:

During last months we were busy working on our bof-launcher project. In essence it is an open-source library for loading, relocating and launching Cobalt Strike’s BOFs on Windows and UNIX/Linux systems. But it also contains other very interesting features and capabilities that are worth discussing.

Additional references to materials about the Burp Suite Pro tool and its usage:

It’s already a common knowledge that merely rebuilding binaries could be a good way to attempt to bypass many AV solutions. Here’s a good illustration of exactly that case from our recent penetration testing engagement. Here’s the scenario:

Below is a nice Burp trickery I’ve learnt from Ryan and extended it also for apps that are using token-based session handling.

As in most penetration testing/red teaming companies we at Z-Labs use Nmap security scanner tool quite extensively. During one of our network penetration testing engagements we have noticed that UDP scanning (-sU) functionality misbehaves and does not correctly detect opened UDP ports. Soon after that we identified in Nmap (versions: 7.91 and 7.90) subtle implementation issue that resulted in corrupted UDP packets sent during a scan.

There are already great resources about mobile app security testing out there. So here I’m mostly just keep track of resources/approaches that worked for me (with additional comments), to have it in one place for the sake of future reference.

Burp has some nice export features which (combined with some 3rd party tools) can greatly aid in the process of looking for additional/hidden endpoints and/or hardcoded secrets.

It was already discussed here. Putting here for quick reference.

In the past, I found (already quite old - presented in 2013) slide deck Burp Suite Pro real-life tips & tricks authored by Nicolas Grégoire very useful which gave me motivation to constantly look for effciencies in my day to day Burp Suite Pro usage. Since that time Burp has significantly evolved (major milestone - version 2.x was released) and lots of interesting 3rd party extensions were developed.

LES security tool, developed and maintained by Z-Labs is the next generation version of the tool designed to assist the security tester/analyst in looking for critically vulnerable (i.e. locally exploitable) Linux machines during manual red tem/pentest engagement. In this post I will describe how the tool works and how to use it effectively.

We climbed three additional peaks from Crown of Polish Mountains during recent hiking in Owl Mountains and near areas.

Some photos from this year’s hiking in Dolomites: