Published: 15 December 2022    Last Updated: 16 December 2022

A couple of years ago I wrote an article about hashcracking with Hashcat and AWS; but that was back on Ubuntu 16.04 and it involved manually compiling the packages. So I thought I’d best update it for Ubuntu 22.04 and why not use the Nvidia ubuntu repos to make things easier too.

Published: 01 December 2022    Last Updated: 23 December 2022

First of all, what is username enumeration? It is when a web application has a feature that allows a user to supply a username and the application will disclose (not necessarily intentionally) if the username is valid or not. This is closely related to Username Disclosure, except in the latter the application is including valid usernames in server responses in some way, which allows an attacker to determine a username is valid without having to specify it first themselves. Both of these are an issue and both should be addressed.

Published: 09 November 2022    Last Updated: 11 November 2022

An authentication factor is something that is supplied to verify an identity – the most common example of an authentication factor is a password, a secret word used to authenticate yourself for access to an account. Multi-factor authentication is the requirement to supply several factors during authentication. This is often called “Two Factor Authentication” (2FA) as, most commonly, two factors are required, but it could, in some instances, be more and so MFA is the more general term.

Published: 02 November 2022    Last Updated: 04 November 2022

With modern platforms such as WordPress, WooCommerce, Magento, and Shopify, it’s now easier than ever to create an online store. However, many online retailers are not cybersecurity experts and might not be sure where to get started with securing their site.

Published: 02 November 2022    Last Updated: 03 November 2022

After publishing yesterday’s article about how frequently you should get a penetration test, I inadvertently started a discussion on Twitter about another aspect of penetration testing delivery: Should you change providers, or you should stick with who you know?

Published: 28 October 2022    Last Updated: 03 November 2022

Choosing a PenTesting provider can be difficult, how do you know if they’re good at what they do and they’ll make working together easy? Perhaps you have a provider already, but they’ve not lived up to your expectations.

Since choosing a testing provider is a critical part of your cybersecurity strategy, we’ve added a few things to consider here. We’re also available for advice and help if you’ve got questions about testing in general or how to get started with your strategy.

Published: 28 October 2022    Last Updated: 03 November 2022

The truth is, it’s very unlikely you’ll even get a strong answer from an organisation as to how frequently you should test. Even organisations like the NCSC, who offer guidance to UK businesses on how to stay secure, don’t give a direct answer to the question. However, they may comment on other businesses behaviour such as saying “it’s not uncommon for a year or more to elapse between penetration tests” before commenting that this is likely insufficient.

Published: 27 October 2022    Last Updated: 03 November 2022

Tips and tricks to make the most of your penetration testing budget. We suggest practical ways to obtain the best value for your spend.

Published: 27 October 2022    Last Updated: 03 November 2022

Turn Penetration Testing from a cost to a competitive advantage using customer retention, legal compliance and modern business practices in your favour.

Published: 27 October 2022    Last Updated: 03 November 2022

Sweet32 describes a birthday attack on 64-bit block ciphers. This attack has been demonstrated against both 3DES and Blowfish, against both VPNs as well as HTTPS traffic. This attack allows an attacker who can perform an interception attack to decrypt small amounts of ciphertext, such as session tokens and other sensitive cookie values.

Published: 25 October 2022    Last Updated: 03 November 2022

Lucky 13 is a padding oracle vulnerability against CBC-mode ciphers in TLS that utilises a timing side-channel. This issue is due to a flaw within the SSL/TLS specification and is not implementation specific, however implementations may be able to harden against exploitation of this issue and prevent exploitation by removing the timing side-channel.

Published: 25 October 2022    Last Updated: 03 November 2022

The use of Cipher Block Chaining (CBC) mode ciphers is “discouraged”. This term is used as these cipher suites have not been formally deprecated but have effectively been superseded. For example, later version of Transport Layer Security support more secure cipher mode options such as Galois/Counter Mode (GCM) ciphers. Additionally, CBC-mode ciphers have had a series of vulnerabilities such as Lucky13, Zombie POODLE, GOLDENDOODLE, 0-Length OpenSSL, and Sleeping POODLE.

Published: 25 October 2022    Last Updated: 03 November 2022

Padding Oracle On Downgraded Legacy Encryption (POODLE) is an attack against SSLv3.0. It exploits two aspects of SSLv3.0. The first aspect involves an attacker performing an interception attack and modify network traffic between a client and server, downgrading the connection to SSLv3.0. The second aspect is a padding oracle issue with block ciphers in cipher-block chaining mode in SSLv3.0 which allows an attacker to decrypt small amounts of ciphertext within messages, such as session tokens and confidential cookie values.

Published: 21 October 2022    Last Updated: 03 November 2022

Factoring RSA Export Keys (FREAK) is an attack against “export ciphers suites” which are cipher suites that have intentionally limited security due to prior regulation within the United States. This regulation placed restrictions on the strength of encryption algorithms used in software for exportation. This attack was demonstrated in 2015 and can allow an attacker who is able to perform an interception attack against HTTPS traffic to decrypt message contents.

Published: 21 October 2022    Last Updated: 03 November 2022

An attack against RC4 was demonstrated in 2015. This attack affects the use of RC4 in several protocols, including within Transport Layer Security (TLS) used by web browsers and web applications but also within WPA-TKIP used by wireless networks. This weakness in RC4 when applied to TLS can allow an attacker to decrypt a small amount of repeated content, such as a session token or other sensitive cookie values.