Of all the ways a server is compromised, the access vertical continues to be the #1 vector. Whether it is through brute-force attacks that guess a user's weak password, or credentials (i.e., username and password) being leaked via another compromise, bad actors take advantage of this vector, and it is why we see automated […]
The Domain Name System (DNS)
In our previous article, we explored the relationships between Registrars, Registries and DNS. In this article, we will dive deeper into the world of DNS. The Art of Routing Web Requests (Hello DNS): DNS stands for Domain Name System (DNS); you might hear it used interchangeably with Domain Name Server (DNS). It is the mechanism that […]
Analyzing 17,000 Spam Links on a Hacked WordPress Site
We have been analyzing how bad actors attack WordPress, and what they do after they take control of a website. In our most recent article we watched as they modified a functions file for the active theme and injected it with 17,000 SEO links. This article dives into those 17,000 links to see what they are and […]
The Most Effective Security Control for Open Source Admin Panels Never Used
By default, most open source applications expose the administrative panel to the world, but why? Why is this a core design? From a security perspective, this design leaves a lot to be desired. It's the number one vector abused by bad actors to compromise sites, and the reasoning is simple – website […]
The Importance of Asset Monitoring
When we manage multiple assets, we must know what we have and their state. This is especially true when managing complex web ecosystems, whether they are applications dependent on continuous communication with endpoints, or architectures reliant on multiple origins. At NOC, we don't specifically talk to inventory management or discovery, but they should be invested in. […]
WordPress Forced Updates vs Auto-Updates and Abusing User Defined Intent
On June 1st, Automattic's Jetpack plugin released an update to patch an exploitable vulnerability. The vulnerability was found in their Carousel feature. The release invites plugin users to update their version. It warns that while it's not known to be actively exploited, it could be now that it's been released. One thing it fails to […]
Using cURL to test the Performance of a Website
cURL is an amazing tool (available by default on Macs and Linux) that allows an administrator to remotely transfer data and is most commonly used against URLs (i.e., websites). Think of it as a terminal-based browser that doesn't try to parse the HTML. For example, if you want to get the HTML content for noc.org, all […]