Most of the applications I see these days heavily depend on APIs. Pentesting them is a bit different from pentesting web applications. In this writeup I will show you how I discovered the vulnerabilities in the “Vulnerable API” project.
Dangling DNS records are not something new. They are just out-of-date DNS records which may have served their purpose in the past. This DNS record trash has been there for ages and was not considered a security issue. They point to some resource (an IP or a DNS record) that was owned/trusted in the past. What makes a dangling DNS record deadly is the fact that others can seize the resource that the record is pointing to.
Gitleaks has become quite popular. Its features give tough competition to its predecessor trufflehog. Some of its uber cool features are: it is comparatively fast when scanning large repos (as it is a compiled Golang binary); it runs on all platforms that Golang supports; users can add custom regexes to detect more secrets; it allows whitelisting of detected secrets / false positives; and it allows auditing of GitLab and GitHub repos, groups and orgs.
Every time I wanted a cloud-managed message queue, I would look at the AWS SQS service. It’s simple. Create an SQS queue, get the HTTP endpoint for the queue, and start posting messages using any HTTP client like curl. This time I made up my mind to give GCP’s counterpart a try. GCP’s counterpart is Pub/Sub. At a high level, the queue is known as a topic in Pub/Sub terms.
As part of my research, I wanted a way to find all the DNS records which point to a particular IP address. Not only should it be fast, it should be cheap as well. If you are a DNS researcher you would know about Rapid7’s free FDNS dataset. I was not able to find any online post that showed me how to get subdomains from an IP address using the FDNS dataset.
When you give developers access to create firewall rules, they generally open all sorts of ports to the internet. All they need to do, or are expected to do, is get the product working. The rest doesn’t matter. This was the same with the company I worked with. There were tonnes of firewall rules in the GCP projects which opened many ports to the public internet. One could think of deleting firewall rules straight away and checking whether something breaks in production.