Clarity Is Key: How Code Quality Affects Security

Introduction: Secure code reviews are an indispensable practice if you’re serious about building secure software. Software development processes that incorporate secure code reviews are much more effective at producing secure code than those that don’t. Code reviews are necessary because they can detect a wide range of issues that other security measures may not catch; … [Read more…]

Valuable or vain: assessing cybersecurity solutions

A while back, I had a nice chat with a venture capitalist about the cybersecurity industry. She was picking my brain about trends I had observed when she asked me a great question: “When you hear about a new cybersecurity solution, how do you predict whether or not a new solution will be truly successful?” … [Read more…]

Exploiting Race Conditions with strace

As a security professional and hobbyist, I often deal with security vulnerabilities that are caused by race conditions. By their very nature, race conditions are nondeterministic, which makes them hard to diagnose, difficult to reproduce, and tedious to debug. They can cause serious security vulnerabilities and go quietly undetected for years. Once a race condition … [Read more…]

Breaking Into Cybersecurity with Open Source

Are you interested in a career in cybersecurity? Are you wondering how to get your foot in the door? Well, don’t just get your foot in the door, kick down the door. Create your own cybersecurity internship by contributing to an open source project.

Zip Slip in NLTK (CVE-2019-14751)

Description: Natural Language Toolkit (NLTK) prior to version 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction. Vulnerability Analysis: NLTK data packages provide linguistic data sets for use in natural language processing. These data … [Read more…]