Approaching a web application’s security is as much about mindset as it is about the tools and configurations you deploy. It’s why security professionals always talk about people > process > technology. Unfortunately, in almost every incident response engagement the first two components, people and process, are nonexistent. I blame a lot of this […]
Author: Tony Perez
Log4Shell – Lessons Learned in 30 Days
On December 9th, 2021 the web was turned on its head with the disclosure of a high-severity vulnerability coined #log4shell. At the time we wrote an article on how this new vulnerability shone a light on the effectiveness of Web Application Firewalls (WAF) as a defensive control, but we didn’t dive deep into the […]
NMAP – A Free Network Mapping Tool
The Network Mapper (NMAP) is an open-source, free security scanner that is widely used and favored among security and network analysts. Commercial organizations have tried to emulate its effectiveness, but have often failed, usually resorting to integrating it into their platform as an added “feature”. At its core, however, it is an extremely powerful tool that […]
WordPress Security: Active Attacks Against BackupBuddy Plugin Vulnerability
On September 6th, 2022, iThemes released a security advisory on their BackupBuddy plugin. As a global network, we’re able to actively monitor attacks in the wild as they hit our network. This article shares what we’re seeing.
The BackupBuddy Plugin Vulnerability
The iThemes article doesn’t go into detail about the vulnerability, but describes the vulnerability as […]
Navigating 81 Layers of Encoding to Reveal the C&C
This past week we have been sharing a series of articles that highlight the steps a hacker took to commandeer one of our honeypot domains. We have shared the steps taken to gain control, the payloads deployed, and the configurations leveraged to take over the site’s SEO. As interesting as all that has been, today […]
How WordPress Gets Hacked in 2022 – Initial Reconnaissance
WordPress is the most popular open-source CMS in the world, and as such it carries a massive target. For bad actors it makes all the sense in the world to spend time and resources understanding the platform, especially its weaknesses and features. This article will build on this, and some research we’re doing […]
Protecting SSH on Web Servers
Of all the ways a server is compromised, access continues to be the #1 vector, whether through brute-force attacks that guess a user’s weak password or through credentials (i.e., username and password) leaked via another compromise. Bad actors take advantage of this vector, and it is why we see automated […]
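The brute-force pattern the SSH excerpt describes is easy to spot in sshd’s own logs. The following is an added example, not code from the original article or its author: it parses a constructed sample of OpenSSH auth.log lines (the IPs, hostnames and timestamps are made up, and the line format assumed is the standard “Failed/Accepted password|publickey for [invalid user] USER from IP port N” message) and flags any source that racks up repeated password failures, noting when that same source later gets a password login accepted, which is what a successful guess looks like.

```python
import re
from collections import defaultdict

# Constructed sample of OpenSSH auth.log lines (not real data): a password-guessing
# run from 203.0.113.5 that eventually succeeds, plus a normal key-based login and
# one stray failure from a legitimate host.
SAMPLE_AUTH_LOG = """\
Jan 14 03:12:01 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 14 03:12:03 web01 sshd[2313]: Failed password for invalid user ubuntu from 203.0.113.5 port 51240 ssh2
Jan 14 03:12:05 web01 sshd[2315]: Failed password for root from 203.0.113.5 port 51244 ssh2
Jan 14 03:12:07 web01 sshd[2317]: Failed password for root from 203.0.113.5 port 51250 ssh2
Jan 14 03:12:09 web01 sshd[2319]: Failed password for root from 203.0.113.5 port 51256 ssh2
Jan 14 03:12:11 web01 sshd[2321]: Accepted password for root from 203.0.113.5 port 51260 ssh2
Jan 14 03:15:42 web01 sshd[2330]: Accepted publickey for deploy from 198.51.100.7 port 40122 ssh2: ED25519 SHA256:abc
Jan 14 03:20:00 web01 sshd[2340]: Failed password for deploy from 198.51.100.7 port 40130 ssh2
"""

# Matches the standard OpenSSH authentication result line. "invalid user" appears
# when the account does not exist, which is itself a strong brute-force signal.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_sshd_log(text):
    """Return a list of dicts (result, method, user, ip) for each auth line, in log order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def find_brute_force(events, threshold=3):
    """Return {ip: {"failures": n, "users": [...], "succeeded_as": user_or_None}}
    for every source with at least `threshold` failed password attempts.

    `succeeded_as` is set when the same source has a *password* login accepted
    after crossing the threshold: a likely successful guess, and the case worth
    paging on rather than merely rate-limiting. Key-based logins never count.
    """
    state = defaultdict(lambda: {"failures": 0, "users": [], "succeeded_as": None})
    for ev in events:  # events must be in chronological order
        s = state[ev["ip"]]
        if ev["method"] != "password":
            continue
        if ev["result"] == "Failed":
            s["failures"] += 1
            if ev["user"] not in s["users"]:
                s["users"].append(ev["user"])
        elif s["failures"] >= threshold:
            s["succeeded_as"] = ev["user"]
    return {ip: s for ip, s in state.items() if s["failures"] >= threshold}


if __name__ == "__main__":
    for ip, info in find_brute_force(parse_sshd_log(SAMPLE_AUTH_LOG)).items():
        verdict = f"COMPROMISED as {info['succeeded_as']}" if info["succeeded_as"] else "blocked"
        print(f"{ip}: {info['failures']} failures across {info['users']} -> {verdict}")
```

On the sample above the script reports 203.0.113.5 with five failures spanning the admin, ubuntu and root accounts and a subsequent successful root password login; the single failure from 198.51.100.7 stays below the threshold. In practice the same logic belongs in whatever already tails auth.log (fail2ban, a SIEM rule), and the finding that matters is the “Accepted password” after a burst of failures, which is why disabling password authentication in sshd removes the whole class of event rather than just slowing it down.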