Basic Fortigate Firewall Configuration

InfoSec Write-ups - Medium-- ( Beginners Guide part 2)In the first part of our “Fortigate basic configuration guide”, we looked at administrator set up, interface configuration with DHCP service running that will lease ip addresses to your clients, and finally, we have configured a firewall address object for a specific device on our subnet, My Mac book.We … Continue reading Basic Fortigate Firewall Configuration

Breaking down — Command Injections

InfoSec Write-ups - Medium-- Breaking down — Command InjectionsCommand Injection or OS Command Injection is Remote Code execution vulnerabilities, where an attacker is able to exploit an unsanitized user input further to run default OS commands in the server.Code Injection: allows the attacker to add their own code that is then executed by the application.Command Injection: the attacker … Continue reading Breaking down — Command Injections

WebGoat SSRF 2 3

InfoSec Write-ups - Medium-- WebGoat SSRF 2WebGoat SSRF lesson 2After watching this mind-blowing talk about SSRF from Orange Tsai’s see what’s in this lessonTom, pretty straight forwardPress the button and we get TomThe lesson explicitly tells us to change the URL to “jerry”Hidden page inputInspect the button with your browser dev tool, find the hidden input and change the URL from “tom” to “jerry”And … Continue reading WebGoat SSRF 2 3

Simple I.P Logger in Python

InfoSec Write-ups - Medium-- Here I will be briefing, how I created my first python tool for grabbing I.P address(IPv4) and detecting OS (Operating System) for user present on same network.#Only for educational purpose don’t perform any malicious action on the network which you did not own. Strict actions could be taken!Hola Pal’sTested on Python3Getting StartedIt’s a simple … Continue reading Simple I.P Logger in Python

Memory Analysis For Beginners With Volatility — Coreflood Trojan: Part 2

InfoSec Write-ups - Medium-- Memory Analysis For Beginners With VolatilityCoreflood Trojan: Part 2Hello everyone, welcome back to my memory analysis series. If you didn’t read the first part of the series — go back and read it here:Memory Analysis For Beginners With Volatility — Coreflood Trojan: Part 1Just to recap quickly:(if you don’t want the recap skip to the next section) Last … Continue reading Memory Analysis For Beginners With Volatility — Coreflood Trojan: Part 2