Interesting points from the article on why VMs can be used as a persistence technique during a pentesting or red team engagement:
- Lack of monitoring and security controls inside the VM
- They can be set up to start automatically in case the host reboots
- Obfuscation: VMs can use disk encryption to make forensic investigations difficult
- Backdoor: Many virtualization products come with features to establish native host connections that might stay undetected (such as Shared Folders for persistent access to files on the host)
OWASP Mitigation: P1
Authentication and session management:
- Make usernames, passwords and authentication data case sensitive and unique for each user #infosec #websecurity #owasp
Password auditing:
- Use a complex password policy: upper- and lower-case letters with special characters
- Long passphrases are better than a regular complex password because they are unique and easy to remember
- Forbid the use of common passwords, e.g. password123
- Use multi-factor authentication [MFA]
- Use a strong hashing algorithm such as SHA-2 or bcrypt
- Limit session expiration time
- Use generic error messages for incorrect login attempts to avoid revealing information an attacker can use during their enumeration process
SQL injection mitigations: Method #1
"Prepared Statements" use placeholders instead of variables in SQL queries; the placeholders are later bound to the user's input.
The SQL statement is first sent to the database with the placeholders in place, and the actual data is then sent separately and bound to the placeholders, so it is treated as data rather than as part of the SQL statement.
Ex of a prepared statement (Java JDBC; conn is an existing database connection):
String email = "user@email.com";
String sql = "SELECT * FROM users WHERE email = ?";
PreparedStatement stmt = conn.prepareStatement(sql); // query structure fixed here
stmt.setString(1, email); // value bound as data, never concatenated into the query
In a second order SQL injection, an application takes a user input from an HTTP request and stores it for future retrieval. It is a two-part injection #HTB #infosec #websecurity
An example of this would be a vulnerable application that has a "sign up" page and a "login" page. The sign up page would be used to send POST requests that store data in the db via an SQL query, and the login page would be used to send different POST requests that retrieve the stored data
@LissanonCedric actually, no, both requests are POST requests. That was a typo, I fixed it. Thanks for bringing it up 👍
Same Origin Policy is a web security concept that lets browsers prevent pages from loading scripts from different sources or reading cookies and session data belonging to another origin. It helps to prevent basic XSS and CSRF attacks #websecurity #infosec
An origin consists of the URI scheme + host name + port number
Ex: example.com:8080
*If no port is given, the scheme's default port is used: 80 for HTTP and 443 for HTTPS
This policy allows browsers to load and read data from the scope of the same origin only
Ex: company.com as an origin can load scripts and read data only from pages that have the same origin, such as http://company.com or http://company.com/dir/