We have seen many security incidents. Any breach in security cause concern among enterprises. To be honest it not only concern them, it also gives birth to their nightmare, distrust and scepticism as organisation. The root cause of this distrust is improper implementation and configuration.
Opstree Security has started a new initiative where we rigorously analyse and implement CIS Benchmark of every tools being used today.
In this CIS series, we will discuss the CIS Benchmarks of PostgreSQL.
For those who are new to PostgreSQL . Let us give you a quick summary of it.
So, this is my writeup on how I was able to achieve my first Remote Code Execution. Also after reviewing the code I was able to understand more about malicious code execution via OS functions. Finally, I was able to capture the flag and get the Hall of Fame, Check.
Out of Band(OOB) Command Injection is performed by sending a DNS request to a server, which occurs when input data is interpreted as an operating system command. By this, an attacker can execute arbitrary commands on the system and gain unauthorized access.
As we’re going through a pandemic majority of business have taken things online with options like work from home and as things get more and moreover the internet our concerns regarding cybersecurity become more and more prominent. We start to dig a little to have standards in place and terms like Compliance, Hardening, CIS, HIPPA, PCI-DSS are minted out. Today we’ll be discussing why to have CIS benchmarks in place in the least and how we at Opstree have automated this for our clients.
Before moving forward get familiar with basic terms:
Amrita InCTF 10th Edition is an offline CTF(Capture the Flag) event hosted by Amrita University. In our previous blog, we discussed about talks from the first day. In this we’ll share some lights on the talks from second day.
Amrita InCTF 10th Edition, is an offline CTF(Capture the Flag) event hosted by Amrita university at their Amritapuri campus 10 KM away from Kayamkulam in Kerala, India. In this year’s edition two people from Opstree got invited to the final round after roughly two months of solving challenges online. The dates for the final rounds were 28th,29th and 30th December 2019. The first two days comprised of talks by various people from the industry and the third day was kept for the final competition. In the upcoming three blog series starting now, we’d like to share all the knowledge, experiences and learning from this three day event.