On the night of 23rd January 2021 RawSEC gathered online due to covid-19, holding the usual talks but without the pleasure of promotions, food, networking and hangout fun. Sadly this is the way it will be until the end of the year, when covid-19 finally disappears.
Speakers:
“How I found Blind SQLi in PrestaShop (CVE-2020-15160)” – Sheikh Rizan
“TPOT your home” – Mohd Zahir
“Tips using ida pro like a Pro” – Mohammad Azam
Summary
T-POT your home – Mohd Zahir
T-POT (the name comes from honeypot) is an upgraded platform that combines several different honeypots into one (an all-in-one honeypot). It attracts attackers to hack/attack it and lets you distract them away from your real systems, proving that certain attacks exist and collecting data on them. T-POT is filled with all sorts of sensors and tools to help detect different attacks, and it can be configured with different components to target different types of attacks and different kinds of monitoring.
One way it works is via ARP spoofing: when an unused IP address is contacted, the traffic is redirected to the honeypot. Automated tools can reboot it regularly to start fresh. It is very important to isolate your T-POT and honeypot setup from the rest of your network. Use VLANs to set it up, and place the bait before your firewall, after your NAT, exposed to the internet (like a DMZ).
How I found Blind SQLi in PrestaShop (CVE-2020-15160) – Sheikh Rizan
Whitebox testing was possible because PrestaShop is open source. It was set up in a VM, and a greybox approach was used to find vulnerabilities. Many CMS websites have loads of insertion points (places where user-supplied data is sent through code to be added to the database). Each field and page requires its own request. Extensive testing and checking the database can help reveal this. Each entry is tested with the same input containing special characters to see which entries are filtered and which are unfiltered.
When a bug is found, make sure to contact the source project to get it fixed. Whitebox testing is better, with fewer duplicates than blackbox testing.
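As an added illustration of the filtered-versus-unfiltered check described above (example code written for this summary, not code from the talk or from PrestaShop; the product table, the two lookup functions and the probe helper are assumptions), here is a small Python harness that sends the same SQL-syntax inputs to a vulnerable string-concatenated lookup and to a parameterized one, and reports whether the field reacts to them:

```python
import sqlite3


def make_db():
    """Constructed in-memory sample table (not PrestaShop's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (id INTEGER, name TEXT, active INTEGER)")
    conn.executemany(
        "INSERT INTO product VALUES (?, ?, ?)",
        [(1, "Mug", 1), (2, "Shirt", 1), (3, "Hat", 0)],
    )
    return conn


def lookup_unfiltered(conn, product_id):
    """Vulnerable pattern: the request value is pasted into the statement,
    so SQL syntax in the value changes the query (blind SQLi: the page only
    reveals whether a row came back, never the data itself)."""
    sql = "SELECT name FROM product WHERE active=1 AND id=" + product_id
    return conn.execute(sql).fetchone() is not None


def lookup_parameterized(conn, product_id):
    """Hardened pattern: the value is type-checked and bound as a parameter,
    so it is never parsed as SQL."""
    try:
        pid = int(product_id)
    except ValueError:
        return False
    row = conn.execute(
        "SELECT name FROM product WHERE active=1 AND id=?", (pid,)
    ).fetchone()
    return row is not None


def probe(lookup, conn):
    """The filtered/unfiltered check from the talk, in miniature: send a
    known-good value, then the same value with an always-true and an
    always-false condition appended, and see whether the application's
    yes/no behaviour follows the injected logic.  True means the insertion
    point is unfiltered and needs fixing."""
    baseline = lookup(conn, "1")
    true_case = lookup(conn, "1 AND 1=1")
    false_case = lookup(conn, "1 AND 1=2")
    return baseline and true_case and not false_case
```

Running `probe` against each lookup shows the concatenated version follows the injected condition while the parameterized version rejects the input outright.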
“Tips using ida pro like a Pro” – Mohammad Azam
Using Interactive Disassembler Pro (IDA Pro) to analyse malware. Disassemblers convert a binary back into readable (assembly) code. You don't only disassemble but also analyse using the software. IDA analyses many aspects of the code, including its control flow, in a graphical and easy-to-understand way.
It's virtual, not physical; it's all in your head, therefore it didn't really happen 🙄