Learning from mistakes: The Yahoo hack

TL;DR

Belan’s observed offensive traits were as follows:

  • He identified peripheral web servers via Google and LinkedIn searches

  • Used known WordPress flaws and custom bugs to compromise PHP sites

  • Linux authentication mechanisms were altered to capture credentials

  • Nmap was used to identify exposed network services internally

  • Corporate Wikis revealed administrative workflows and VPN details

  • Ticketing, bug tracking, and version control systems provided secrets (e.g. cryptographic keys, seeds, hashes, credentials, and source code)

  • Cookies from weak non-production instances (e.g. staging) were valid in production as cryptographic materials were the same — bypassing 2FA

  • Client certificates (exposed by email, ticketing, or lifted from filesystems) were combined with known credentials to access corporate VPNs

  • Engineering credentials were used to commit backdoors to version control which were self-approved and later deployed into production

Recognizing your mistakes

One of my favorite interview questions is: Tell me of one mistake you made and what happened. Tell me of a second mistake. Tell me of a third.

Often a prospect will have one or two readily available, but have to resort to bare honesty by the third.

You can learn a lot about a candidate this way.

Client K writes:

If someone says
they never make mistakes,
that simply means
they’re not intelligent enough
to recognize their mistakes.