Building off my last two posts, I wanted to utilize the simple application I created in yet another proof-of-concept that involves the following AWS technologies: Elastic Container Service (ECS), network automation via CloudFormation, CodeCommit, CodePipeline, and CodeBuild. For this adventure, I wanted to work through an AWS CI/CD…
Using CodePipeline, CodeDeploy, and CodeCommit with an EC2 AutoScaling Group
Building off my last post, I wanted to utilize the simple application I created in another proof-of-concept that involves the following AWS technologies: Elastic Cloud Compute Instances (EC2), EC2 Autoscaling Groups, network automation via CloudFormation, CodePipeline, CodeCommit, and CodeDeploy. The gist of this new proof-of-concept involves wrapping my…
Jumping into React, Node, MongoDB, and AWS S3
So I finally got around to working with some technologies that have been on my hot-list for quite some time. NodeJS, React, and MongoDB see a lot of use in the application development industry and it was high time I put my nose into them. I decided…
DNS Exfiltration using SQLMap in a Microsoft SQL Environment
You may have seen my last post related to DNS exfil in a MS-SQL environment using Burp Suite’s Collaborator tool. I had mentioned that spinning up a DNS infrastructure that allows you to perform DNS exfil outside of this tool can be difficult. I was quickly notified…
DNS Exfiltration through Blind SQL Injection in a MS-SQL Environment Using Burp Collaborator
I had an engagement the other week where I discovered a few instances of Blind SQL Injection in a .NET application with a Microsoft SQL Server (MS-SQL) back-end database system. The underlying account user had “sysadmin” privileges but due to the reservations of my client, I chose…
Forwarding Shells Through A Jump Box Using SSH
I worked through a netpen CTF the other day that provided me a jump box to access the entire scenario with. Despite there being some tools installed on the jump, I didn’t want to use it as my attacking host nor did I want to catch shells…
Application Enumeration Tips using Aquatone and Burp Suite
I was recently introduced to a really cool domain flyover tool named Aquatone written by Michael Henriksen. In the past, I had used another really cool tool known as EyeWitness to perform similar tasks. In short, both of these tools screenshot web application resources (among other things)…