Security

Introduction X.509 certificates are used to secure communications online by encrypting data and verifying identities, such as in HTTPS or VPNs. During penetration tests, it’s important to check if systems correctly handle cloned certificates. Cloned certificates are fake copies that look like real ones but aren’t properly signed by a trusted CA. I wrote a simple python script called dollyx509 that creates clones of X.509 certificates. Script and Usage The script can be found on GitHub: dollyx509. ...

Introduction When you don’t have Internet connection during a web application pentest and you still want to install some BApps in the Burp Suite, you have to download them manually from the BApp Store. If you use a lot extensions, this can be a tedious task. It’s possible to download all BApps using a little script to simplify this task. Script The following script can be used to download all Burp Suite BApps from the BApp Store: ...

Introduction In pentests, connecting devices to your own network can be very useful. This enables you to exfiltrate data, download tools, analyze the network traffic and even use a transparent HTTP proxy to intercept and manipulate traffic between the devices and servers. This approach helps finding potential security weaknesses in applications and network communications. In order to make this process easier, I created a script 802.11evil that starts a new Wi-Fi network which can then be used to analyze the network traffic of the connected clients and also perform some VPN bypasses. ...

Introduction I was recently playing around with DNSSEC and figured out that the root DNS zone . uses NSEC and not NSEC3 to prove the absence of a resource record. This looked interesting to me and triggered some ideas. So I did some experiments and here are the results. TL;Dr: The most interesting facts: The root DNS zone uses NSEC can be therefore be DNSSEC zone walked There are more than 1500 TLDs More than 90% of all TLDs haven DNSSEC configured The most used algorithm for signing DNS zones is RSA/SHA-256 53 TLDs also use NSEC and can therefore also be DNSSEC zone walked Note: The results may not be exactly accurate because it was not always verified if every query was always successful. ...

Introduction In pentests, you often need to create X.509 certificates (e.g. for TLS) or Certificate Authorities (CAs) to mimic secure environments during your tests. Manually generating these certificates with tools like openssl can be time-consuming and error-prone, especially when you’re in a hurry. Who remembers all these commands? Whether you’re setting up a fake webserver for data exchange, a proxy setup, a machine-in-the-middle (MITM) attack, testing secure connections, or creating your own CA chain, manually generate these certificates should not take much time. ...