webappsec

Vulnerabilities in Open Source C2 Frameworks

Our latest post focuses on the command and control (C2) software frameworks used by professional offensive security red teams and criminal organizations alike. We dived into the source code of multiple high-profile, open-source C2s and discovered vulnerabilities in most of them. In this post, we provide a brief overview of C2 concepts, review the details of the frameworks’ identified vulnerabilities (with nifty reproduction gifs included!), and conclude with some final thoughts about the current state of the C2 landscape and what future developments might look like.

Coverage Guided Fuzzing – Extending Instrumentation to Hunt Down Bugs Faster!

In our latest blog post, we introduce coverage-guided fuzzing with a brief description of fundamentals and a demonstration of how modifying program instrumentation can be used to more easily track down the source of vulnerabilities and identify interesting fuzzing paths.

Discovering Deserialization Gadget Chains in Rubyland

Finding deserialization functions accepting user input can be exciting, but what’s your plan if well-known gadget chains aren’t an option for exploitation? In this post, we explore the process of building a custom gadget chain to exploit deserialization vulnerabilities in Ruby.

Customizing Semgrep Rules for Flask/Django and Other Popular Web Frameworks

We customize and use Semgrep a lot during our security assessments at IncludeSec because it helps us quickly locate potential areas of concern within large codebases. Static analysis tools (SAST) such as Semgrep are great for aiding our vulnerability hunting efforts and usually can be tied into Continuous Integration (CI) pipelines to help developers catch … Read more