TSA’s Proposed Cybersecurity Rule for the Transportation Sector – The Need for Penetration Testing
In an era where cyber threats are increasingly sophisticated, the Transportation Security Administration (TSA) has proposed a new set of cybersecurity requirements targeting the pipeline, rail, and over-the-road bus (OTRB) sectors. This Notice of Proposed Rulemaking (NPRM) aims to strengthen protections for critical infrastructure by mandating a comprehensive Cyber Risk Management (CRM) program for certain […]
Web and Mobile Application Fuzzing Best Practices
If you’re reading this, you’ve probably used tools like Ffuf or Gobuster to fuzz an application to expand the attack surface and potentially find sensitive files and directories. Unfortunately, we here at Brackish find that a lot of testers are doing fuzzing incorrectly. Read below to get our Rules of Fuzzing and even a generic […]
Logging – Mobile Application Penetration Testing #6
Welcome back to the long awaited next entry in Brackish Security’s Mobile Application Penetration Testing series. When conducting mobile application penetration testing, inspecting logs on iOS and Android is a crucial step in understanding how an app behaves, particularly in how it handles sensitive data, error handling, and debugging information. Log files can provide insight […]
JavaScript Source Map Vulnerabilities
What is a JavaScript source map file? Source map files map the transformed, minified, or compiled code back to the original source code, and they can often be found exposed publicly in web applications. This is particularly useful for debugging because it allows developers to view and step through the original source code even when […]
MouseJacking (With Flipper Zero): Tales from Pen Testing Trenches
As a continuation in our series of penetration testing stories (who doesn’t love those) we bring you MouseJacking (With Flipper Zero). Check out the first blog post in the series here here. In this engagement, we were successfully able to compromise a network utilizing an old attack vector – MouseJacking. MouseJacking was first brought to […]
Tales from Pen Testing Trenches: MAC Address Whitelisting Failure
MAC address whitelisting is commonly perceived as a foolproof network security mechanism. Yet, Brackish Security’s recent test on a wireless network illustrates how easily this method can be bypassed, challenging its efficacy as a standalone security solution. MAC address whitelisting operates on the premise that only devices with pre-approved MAC addresses can access a network. […]
Android Studio – Mobile Application Penetration Testing #5
Welcome back to our series on Mobile Application Penetration Testing! In this post we will discuss Android Studio and Android Debug Bridge. If you’re new to this, you might want to go read from the beginning or check out the previous post. But not only will we discuss Android Studio and Android Debug Bridge, we […]
The Importance of Comprehensive IoT Penetration Testing in Modern Cybersecurity
IoT Penetration Testing is needed in today’s dynamic landscape of the Internet of Things (IoT), where everyday devices are interconnected and smarter than ever. Comprehensive IoT Penetration Testing emerges as a crucial strategy for businesses and individuals alike to fortify their digital frontiers. This blog post delves into the why and how of thorough IoT […]
IIS Short File Name Enumeration
Microsoft IIS short file name enumeration is a technique used to discover the filenames and directories on a web server running IIS. This method exploits a feature in IIS related to how it handles file and directory names. This vulnerability is kind of the gift that keeps on giving. As of writing, it’s been around […]
Even More MobSF – Mobile Application Penetration Testing #4
In this part of the guide we go over more of the MobSF output for the YouTube APK
Software and Data Integrity Failures – OWASP Top Ten
Welcome to the final entry in our OWASP Top Ten Series – Software and Data Integrity Failures. If you haven’t read any of the previous ones, check them out. Among the OWASP Top Ten entries, Software and Data Integrity Failures have emerged as a formidable category that encapsulates a range of issues where assumptions about […]
More MobSF – Mobile Application Penetration Testing #3
Mobile Application Penetration Testing
Mobile Application Penetration Testing – #2 – MobSF Intro
If you haven’t read the previous entry in the Mobile Application Penetration Testing series, check it out. In this post we will start in with a frequently use mobile application security tool – MobSF. This is a tool that you’ll pretty much want to use on every mobile test that you do. As said before, […]
Mobile Application Penetration Testing – #1 – Getting Started
Welcome to the first of many parts of our series on Mobile Application Penetration Testing. We wanted to write this series because it seems like a lot of the material out there on mobile application penetration testing is out of date, wrong, or lacking. Furthermore, when it comes to mobile application penetration testing, there are […]
Turkeys Will Get Stuffed Soon. Credentials Will Get Stuffed Now.
Introduction Credential stuffing is a form of cyberattack where attackers use automated scripts to try a large number of username and password combinations (usually obtained from previous breaches) on multiple websites, hoping that individuals have reused their credentials. While this attack method is not sophisticated, its simplicity and effectiveness make it a go-to strategy for […]
Unmasking the Shadows: The Unseen Vulnerabilities Within Your Walls
Prior to reading this, please check out a previous blog of ours on how important an external penetration test is. Hey there, security enthusiasts and curious minds alike! Today, we are taking a deep dive into a topic that’s often buzzing around but isn’t always entirely understood – yes, we’re talking about Internal Penetration Testing […]
Beyond the Breach: The Essential Role of Regular Penetration Testing in Safeguarding Organizational Reputation
In today’s interconnected world, cyber resilience is not just about protecting data but is closely tied to an organization’s reputation and trustworthiness. A cyberattack doesn’t only translate to financial losses but can significantly tarnish a company’s image. A case in point is the recent cyberattack on Clorox, emphasizing the imperative of preemptive measures, particularly regular […]
Guarding the Digital Front Door: The External Penetration Test
The demand and pressure for penetration testing services are growing every day – ethical hackers are racing to find all the vulnerabilities before the not so ethical ones do. The subject of penetration testing has expanded and deepened, with each specific area, whether web application, IoT, wireless, or even mobile, carrying significant importance. Arguably, the […]
White Box Web Application Testing for Pentesters and Bug Bounty Hunters
White box web application penetration testing is one of my favorite things to do in the security world. If you’re new to this, “white box” means you have access to the source code of the application you’re testing. Keep in mind that the vast majority of what I will discuss in this post actually applies […]
OWASP Top Ten – Insecure Design
Insecure Design was a new entry when the latest version of the OWASP Top Ten was released in 2021. An really, what it gets at is a good lesson – Designing an application with security in mind can go a long way in ensuring that the end product is robust against all sorts of vulnerabilities. […]
OWASP Top Ten – Security Misconfiguration
What exactly is a Security Misconfiguration? It seems kind of nebulous, right? Well, that’s because it is. This vulnerability covers a wide range of issues that are some of the most prevalent in the wild and manifests in different forms—unnecessary default settings, overly verbose error handling, and unprotected files and directories, to name a few. […]
Is Caido The New Burp?
There has been some buzz around Caido recently – a contender to the Burp crown. Brackish Security testers recently sat down and tried Caido out on some real pentests. Our findings follow. Keep in mind that Caido is still fairly new, while Burp has been in development and use for a very long time. Additionally, […]
The Shield of Cyberspace: Understanding Web Application Firewalls
Introduction In our digital age, data security has grown into an essential necessity, not just a luxury. As companies depend heavily on web applications to offer their services, protecting these platforms against cyber threats becomes crucial. Here enters the Web Application Firewall (WAF) – a potent tool designed to safeguard web applications from a multitude […]
Penetration Testing: White Box, Black Box, and Grey Box Testing
In this post, we’ll dive into the definitions and differences between white box, black box, and grey box testing so that you can better understand these essential techniques for securing your attack surface. But first, let’s get the basics right. What is penetration testing? In simple terms, it’s the practice of identifying vulnerabilities, weaknesses, or […]
Certification Pinning and Root Detection: Helpful but Not Unhackable
Introduction As mobile app developers, we are constantly striving to create secure and reliable applications for our users. To achieve this, we often employ various security measures such as certificate pinning and root detection. While these practices undoubtedly enhance the security of a mobile app, it’s important to understand that no solution is ever completely […]
Insecure Direct Object Reference (IDOR) Vulnerabilities: Understanding, Exploiting, and Detecting
Introduction Insecure Direct Object Reference, or IDOR, is a common security vulnerability that exposes sensitive data and allows unauthorized access to resources. It is a critical issue that often appears in the OWASP Top Ten, a list of the most prevalent security risks in web applications. In this blog post, we will discuss what IDOR […]
Reflected XSS: Differences and Relationship with Stored and DOM XSS
Cross-site Scripting (XSS) is a prevalent security vulnerability in web applications that allows attackers to inject malicious scripts into web pages viewed by users. In this blog post, we will explore the concept of reflected XSS, compare it with stored and DOM XSS, and discuss if reflected XSS can also be stored or DOM XSS. […]
Unraveling the Intricacies of IoT Penetration Testing
Internet of What? The Internet of Things (IoT) penetration testing is needed more than ever as IoT devices have become an essential component of our everyday lives, with smart devices seamlessly integrating into various aspects of our routines. From wearable fitness trackers to smart home appliances, the IoT ecosystem is growing exponentially, promising greater convenience, […]
OWASP Top Ten – Cryptographic Failures
OWASP Top Ten – Cryptographic Failures The world of cybersecurity is constantly evolving as new threats and vulnerabilities emerge. This includes Cryptographic Failures. The Open Web Application Security Project (OWASP) Top Ten is a widely recognized list of the most critical security risks to web applications. One of the entries on this list is Cryptographic […]
OWASP Top Ten – Server Side Request Forgery (SSRF)
What is an SSRF? The next entry in our OWASP Top Ten Series covers Server Side Request Forgeries. Server Side Request Forgery (SSRF) is a security vulnerability that occurs when an attacker is able to make HTTP requests to an internal or external system from a vulnerable server, effectively using the server as a proxy. […]
IoT Testing
Here at Brackish, we’ve recently received inquiries from several customers in regards to testing their IoT devices. We took a look at our current roster of testers and while we do have some experience testing IoT devices, it wasn’t something we felt comfortable charging our clients for at this point. With that said, one of […]
Phishing, Domain Names, and TLDs
As a small or medium-sized business owner, you may be aware of the threat of phishing attacks. Phishing is a common technique used by cybercriminals to trick people into giving away sensitive information such as usernames, passwords, or credit card numbers. One way to protect your business against these attacks is to buy common domain […]
OWASP Top Ten – Identification and Authentication Failures
Identification and Authentication Failures Today we will cover Identification and Authentication Failures in our series on the OWASP Top Ten. Online security has become a crucial aspect of modern life. Today, every business is a tech business, and it becomes increasingly important to ensure that sensitive data and information are protected from unauthorized access. One […]
Local Administrator Accounts
Local administrator accounts are commonly used in Active Directory/internal networks to manage individual computers. These accounts have full control over the local computer, which can be a security risk if used carelessly. The use of local administrator accounts should be minimized to reduce the potential security vulnerabilities they pose to the network. One of the […]
Phishing – The Most Important Thing?
It seems like every day we see in the news that another organization was compromised. If we dig deep into the root cause of these breaches we find a very common theme – phishing. Phishing is the act of sending fraudulent emails or messages with the intention of tricking the recipient into revealing sensitive information […]
WordPress Security
WordPress is one of the most popular content management systems (CMS) in the world, powering over 40% of all websites on the internet. However, with great popularity comes a great responsibility to keep the WordPress installation secure. In this blog post, we’ll discuss some of the best practices that users should follow to ensure the […]
What are Weak Hashing Algorithms
“SSL Certificate signed using weak hashing algorithm” refers to a security vulnerability in the SSL/TLS certificate used by a website. A hashing algorithm is used to create a unique digital signature for the certificate, which is then used to encrypt communications between the website and its visitors. If a weak hashing algorithm is used, the […]
Attack Surface Management
Introduction External attack surface management (ASM) refers to the process of identifying, analyzing, and mitigating security risks and vulnerabilities that originate from outside an organization’s network. The focus of external ASM is to protect against threats such as hackers, cybercriminals, and malicious software that can target public-facing systems and applications. These threats can pose a […]
Taking Over Organizr Accounts
Today we have another rate-limiting issue. While this one is not as impactful as the previous one – it’s still fun. Organizr is a self-hosted application written in PHP that basically helps you self-host other services at your home. It’s nifty application with a surprisingly large amount of functionality. We were recently poking at it […]
TutorTrac Multiple Stored XSS
TutorTrac Multiple Stored XSS Brackish researchers found authenticated stored cross-site-scripting (XSS) in TutorTrac version <= 4.2.170210. An authenticated attacker could utilize crafted input in several locations throughout the application to perform XSS attacks. This is a standard stored XSS attack that can be used to steal user’s sessions cookies, amongst other things. Injection is a […]
Microsoft OAuth Open Redirect
What is an open redirect? Open redirects are a web application vulnerability that allows an attacker to redirect a user to a malicious website. It can also be used to phish a user’s credentials, deliver malware, and sometimes perform XSS. An oft used example is as follows: Upon clicking this link, a victim is redirected […]
