Category Archives: Security

Clickstudios Passwordstate Cross-Site Scripting (XSS)

I recently performed a penetration test against an instance of Clickstudios Passwordstate, a web-based enterprise password management solution.

During testing, three instances of cross-site scripting were identified. This blog post serves as public disclosure of the issues, tracked as CVE-2018-14776, which have since been patched by Clickstudios.

Ruxcon CTF 2017 – Unix2 Write-up

Ruxcon 2017 CTF

This is my write-up for the second Unix challenge at the Ruxcon 2017 security conference capture the flag (CTF).

The challenge was called ‘Bit early in the morning for kungfu’ and was worth 300 points.

Ruxcon CTF 2017 – Unix1 Write-up

Ruxcon 2017 CTF

This is my write-up for the first Unix challenge at the Ruxcon 2017 security conference capture the flag (CTF).

The challenge was called ‘Judo’ and was worth 100 points.

Why You Need HSTS (HTTP Strict Transport Security)

Why HSTS is important

The HTTP Strict-Transport-Security (HSTS) header can be used to increase the security of a website. In this post we’ll discuss how it works, why it’s important and why you should consider using the HSTS header.

Trend Micro CTF 2017 – Forensic 200 Write-up

Trend Micro CTF 2017 Forensic 200 challenge

The Trend Micro CTF 2017 was run again this year, between the 24th and 25th of June 2017. This is my solution to the 200 point forensics challenge. I was only able to complete around 90% of the challenge during the actual CTF; I didn’t finish it until a week after it was over.

BSides Canberra 2017 CTF – Rekt Exfil Write-up

The BSides Canberra 2017 conference just wrapped up, along with its capture the flag event, and I wanted to document my solution to one of the two memory analysis challenges from the forensics category, titled “Rekt Exfil”.

I was keen to try this challenge as I’m pretty interested in memory analysis. The first time I ever attempted a memory challenge was actually during the BSides Canberra 2016 CTF, so it’s been a full year since my first time.

How To Secure Invision Power Board (IPB)

How To Secure Invision Power Board

This guide will show you how to increase the security of an Invision Power Board (IPB) installation. We’ll walk through practical examples for you to follow to harden IPB, reducing your attack surface.

There are a lot of insecure default options which, unless modified, put you at a higher risk of being compromised by an attacker. Here we outline what should be changed to increase the security of IPB.

Find The IP Address Of A Website Behind Cloudflare

Find a server IP address hidden behind Cloudflare

Cloudflare is a freely available service that offers CDN and caching functionality. To use Cloudflare, a domain’s DNS is updated to send all traffic through Cloudflare; as a result, the IP address of the actual web server hosting the website is hidden, which is part of how Cloudflare provides its various protections.

By doing this, Cloudflare essentially hides the real IP address of the web server that is hosting the website. There are many times when we may wish to find the actual IP address of a server behind Cloudflare; for example, during a penetration test you may want to bypass the web application firewall (WAF) completely by targeting the server directly.

The simple methods outlined here show how to find the real IP address of a website that is hidden behind Cloudflare. First we cover the manual methods so that you understand what is going on, before looking at automated options. Along the way we provide mitigations you can use to protect yourself from these methods.

How To Add A Nessus Scanner To SecurityCenter Using Certificates

Add Nessus Scanner To Tenable SecurityCenter

This guide will show you how to add a Nessus scanner to Tenable’s SecurityCenter using certificate-based authentication rather than standard username and password authentication.

AusCERT 2016 CTF – Game of memory write-up

The AusCERT 2016 Capture The Flag (CTF) was run from the 24th to the 26th of May 2016; these are my solutions to the “Game of memory” category of challenges, which was made up of 5 parts each worth 100 points, for a total of 500 points.
