NetSPI Blog

Kevin Burns
February 23rd, 2016

Directory Traversal, File Inclusion, and The Proc File System

Directory traversal and local file inclusion bugs are frequently seen in web applications. Directory traversal is when a server allows an attacker to read files or directories outside of the normal web server directory. Local file inclusion allows an attacker to include an arbitrary local file (from the web server) in the […]

Kevin Burns
July 21st, 2014

Stealing unencrypted SSH-agent keys from memory

If you've ever used SSH keys to manage multiple machines, then chances are you've used SSH-agent. This tool is designed to keep an SSH key in memory so that the user doesn't have to type their passphrase in every time. However, this can create some security risk. A user running as root may have the […]

Kevin Burns
April 7th, 2014

Using strace to monitor SSH connections on Linux

As a penetration tester, I like to avoid replacing binaries on running systems as it makes it more difficult to clean up the system after we're done. Occasionally a tester will come across a Linux server that is used to connect to other internal systems. It would be nice to be able to monitor the […]