Blog

PHP Property Type Hints For Security

Published: September 5, 2017

Recently I’ve been spending a lot of time experimenting with PHP unserialize object injection vulnerabilities. Frequently, exploits against these types of vulnerabilities involve chaining together multiple objects to call unexpected methods on unexpected properties. This technique is known as creating a POP (property oriented programming) chain. Here are a few examples of how that plays out in PHP world…

In fact, there’s even a new project on GitHub called phpgcc which is building a list of generic POP chains (“gadgets”), similar to ysoserial in the Java world.

Google Subdomain Discovery For Sites Using Naked Domain

Published: August 30, 2017

Tags:

In a blog post from Bugcrowd titled “Discovering Subdomains”, Google dorking is the first strategy covered…

The site directive will filter results only to your target:

site:paypal.com

After we have the initial domain in there we can use the -inurl directive.

site:paypal.com -inurl:www

Each subdomain we find can then be filtered out with more -inurl directives to make place for others:

site:paypal.com -inurl:www -inurl:shopping

This strategy for identifying subdomains is very convenient, but what about if the target is using their naked domain instead of www?

curl Based SSRF Exploits Against Redis

Published: August 14, 2017

Tags:

SSRF (server side request forgery) is a type of vulnerability where an attacker is able trick a remote server into sending unauthorized requests. SSRF opens the door to many types of undesirable things such as information disclosure, DoS and RCE. In this post, we’ll take a look at the types of exploits that are achievable when we have access to curl Redis via SSRF.

Tracking Your Most Popular Blog Post Tags in Google Analytics with Jekyll

Published: August 7, 2017

Tagging is a feature built into most blogging platforms. Typically tags differ from categories in that there are many more of them on your site and a larger number of them are applied to a specific post. Here’s how WordPress describes the difference…

Tags are similar to categories, but they are generally used to describe your post in more detail.

https://en.support.wordpress.com/posts/categories-vs-tags/

Regardless of the exact meaning, understanding which tags on your site are most popular can help you make decisions about what type of content to publish. This post outlines a strategy for identifying your most popular tags in Google Analytics

Magento External Malware Scans

Published: August 5, 2017

magento-malware-scanner is an extremely valuable tool to help keep your Magento installation secure. Scanning a codebase for malware is dead simple…

wget git.io/mwscan.txt
grep -Erlf mwscan.txt /path/to/magento

However, it’s equally if not more important to run an external scan of your Magento installation. Here I’ll cover why and how.

Benchmarking the Impact of Implementing a CDN

Published: August 3, 2017

In a talk I’m preparing titled, “Imagining A World Without Caching”, I’m benchmarking the impact of many different forms of caching. One type of caching that the talk covers is “edge caching” a.k.a. content delivery networks (CDNs). I spent a lot of time on Google trying to find hard data showing the impact that implementing a CDN had on page load times. Unfortunately, after nearly an hour of Googling, I couldn’t find the data I was looking for.

As such, I decided to do my own benchmarking. Here, I’ll share my data.