Hello friends! We are back with another cybersecurity theory post. This time we will be talking about remote file inclusion. This is a common vulnerability because we love dynamic content. Basically, this attack exploits the include() function in PHP. I found it really difficult when I was first learning this method. For me, after I understood it, there are a lot of important things that can be confusing if they are not clearly stated. Let’s get started.
If you have been working in web development, you are most likely aware of the “include” function, which makes the web development process more efficient in terms of generating dynamic content. …
Hello everybody, back to the penetration testing exercise. This time I practiced at root-me. This challenge is about a vulnerability in an eval function implementation in the PHP language. Sometimes we have established some firewalls, like regular-expression filtering, but unfortunately they can still be bypassed. In this challenge, we will talk about how we bypass a regular-expression firewall.
Okay, after telling you about the reason why you should start to learn computer programming, in this blog I will show you the code that I used to do my task at my office. If you have not read the reason why you should start to learn computer programming, you can go to the post here. Okay, let’s start our technical part.
Looking back at the document we have to process, what is the (human) logic here? I will repost the screenshot of the NIST CSF document.
I firmly believe that programming is important for everyone. Yes, I mean everyone, which includes IT and non-IT-related jobs. The ultimate reason why programming is important is that it teaches you how to think structurally. Seriously, though, the ability to think structurally is really beneficial, whether in terms of time or effort.
If you are working in an IT-related industry or the IT division of a company, you may find programming is a must; that is probably what you were hired for. But the question is, is it important for non-IT-related jobs that mostly interact with office applications? …
Risk is something that must be considered in the organization. Besides developing the organization through research and development, marketing, and other aspects, risk must be put on the agenda. Basically, if risk is not handled, it will invite chaos, especially in this digital era when technology becomes the business’s backbone.
When technology becomes the business’s backbone, it raises the responsibility for businesses to start considering technology-related risks. But as people say, it is easier said than done, because technology changes rapidly. …
Finally, after a long time running away from web challenges, I have come back to continue practicing. In this challenge, I face one of my greatest fears among web challenges: the JWT challenge.
Again and again, I remind you that I will write the whole thinking process in creating this solution, so bear with me and keep learning!
After a long period of not having any idea for doing any CTF challenge, I came back and tried a new (for me) category, forensics. For me, this category is exciting. The point of forensics is to analyze in order to gain knowledge about a past incident, to understand the root cause or the impact of the incident. This particular challenge is interesting because I can say this is my first 40-point challenge. So, let’s go!
Note: As always, I include the way I think through the solution, not just “magically” showing the solution.