burpsuite Archives | JUMPSEC LABS

JUMPSEC LABS

The JUMPSEC Lab is a place where the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts! We love what we do and are passionate about security, with some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

What’s in a Name? Writing custom DNS tunnelling protocol, exploiting unexpected AWS Lambda misconfiguration – in a web app Pen test (Part 2)

by Sunny Chau | Jun 13, 2024 | burpsuite, Exploitation, network, Research, Vulnerability

In Part 1 of the series we looked at how an AWS Lambda-powered feature was exploited in a web app penetration test initially leading to RCE and further on with out-of-band data exfiltration via DNS. Though the exact mechanism of achieving remote-code execution with Python was not discussed, we went in depth in how to return data as a result of the code being executed. Initially, with ascii-to-integer encoding I was able to find the username of the runtime user - sbx_userNNN. In the first blog...

What’s in a Name? Writing custom DNS tunnelling protocol, exploiting unexpected AWS Lambda misconfiguration – in a web app Pen test (Part 1)

by Sunny Chau | Jun 6, 2024 | burpsuite, Exploitation, network, Research, Vulnerability

This is a war story of an AWS web application test where remote code execution was first obtained on the client's application. Then I needed to write my own DNS tunnelling 'protocol' to get the data out. Following a number of twists and turns I impersonated the application and attempted to laterally move within the AWS tenant. Before storytelling though, let's start with a public service announcement: The Public Service Announcement As the title suggests, I discovered that it was possible to...

Burp Suite and Beyond: Exploring non-HTTP protocols using MITM_RELAY

by editor | Aug 24, 2021 | Application Security, burpsuite, network, Network Tools, Research

In this article, Muhammet takes us on a deep technical journey to persevere beyond the limitations of the proxy tool Burpsuite, and explore non-HTTP, application-layer protocols using ‘MITM RELAY’.

JUMPSEC LABS

What’s in a Name? Writing custom DNS tunnelling protocol, exploiting unexpected AWS Lambda misconfiguration – in a web app Pen test (Part 2)

What’s in a Name? Writing custom DNS tunnelling protocol, exploiting unexpected AWS Lambda misconfiguration – in a web app Pen test (Part 1)

Burp Suite and Beyond: Exploring non-HTTP protocols using MITM_RELAY

[Latest Posts]

[Categories]

GitHub

Follow JumpsecLabs

Disclaimer