(in)Security of JSONP: CSRF risks

JSONP vs JSON. I had an opportunity to experiment with exploiting JSONP in real life. Honestly, I had never heard of it before. JSON is a well-known method to serialize data, but what is JSONP? Actually, it is nothing new, but rather a specific use of JSON. In AJAX websites, XMLHttpRequest is used in client-side JavaScript…

Pentest of a Wi-Fi network with Cisco NCS

I had a chance to audit this device during a Wi-Fi pentest. Cisco Prime Network Control System is a Wi-Fi controller that allows managing multiple access points and centralizing their configuration: Wi-Fi settings, access control, security, etc. I was surprised how easy it was to compromise this equipment, thanks to default credentials. Of course,…

Password stealing using a password filter

Nice stuff from @mubix: the technique consists of injecting a DLL into lsass.exe, using the password filter feature of Windows. The password filter architecture is useful to check that a password is compliant with the system security policy. It will typically check that when a user changes his password, it follows the required complexity. Microsoft…