Rediscovering CVE-2024-48990 and Crafting My Own Exploit

Introduction On November 19th, 2024, Qualys publicly disclosed five local privilege escalation vulnerabilities discovered in the needrestart binary that comes installed by default on Ubuntu Server installations. They disclose the technical details of these here; however, I will be attempting to rediscover CVE-2024-48990 prior to reading the technical details, based purely on the information from the CVE description and references. Then, I will create my own exploit that gives me a reverse shell as root....

2024-11-25 · 8 min · Ally Petitt

How to Use NVRAM When Emulating an Embedded Device

Introduction Last week, I came across a piece of firmware that I was particularly curious about. As with typical analysis on such an image, I extracted the squashfs root using binwalk and found the web service, httpd, that I was targeting. A smile spread across my face as I typed a command into the terminal to run httpd in QEMU user mode, but after pressing the “Enter” key, I saw it:...

2024-07-05 · 18 min · Ally Petitt

How I became a hacker before I finished high school [Repost]

Author’s note: This article was initially published on Synack’s README. They have great content and I recommend that you browse their articles if you are interested in cybersecurity. Editor’s note: This post from Ally Petitt describes her journey towards earning the vaunted OSCP at 16 and being an active part of the Synack Red Team at 17. Check out Ally’s blog for more of her write-ups on vulnerabilities she’s discovered, hacking techniques and more....

2024-05-07 · 10 min · Ally Petitt

Goodbye World - Migrating Away From Medium | Graduation & Next Steps

Introduction Hello everyone and welcome to the first exclusive post on my new personal website! I am very excited to be here and I hope that you are as well. The picture above is a bit dramatic, but communicates the message that I have decided to move forward. Those who have been following me will know that I first began my technical blog on Medium, which was an approachable outlet for sharing my knowledge as I first entered the field....

2024-05-03 · 5 min · Ally Petitt

How I Found 3 CVEs in 2 Days

Author: Ally Petitt Introduction Christmas break is notoriously refreshing for high schoolers like myself; however, unlike most high school students, I got to spend mine doing the most fascinating work in the world: security research. I had previously used Savannah, a GNU bug tracker, to submit a bug report, so when I noticed that the underlying technology, Savane, was open source, I knew I had to put it on my list of research projects....

2024-03-21 · 7 min · Ally Petitt

How to Find more Vulnerabilities — Source Code Auditing Explained

Introduction Whitebox penetration testing can be intimidating. Complex web applications may contain hundreds of thousands of lines of code and deciphering the connection between the various web components and their numerous implementations is challenging. A powerful, yet simple technique to approach the code review of such an application is to break it into manageable pieces. In this article, I will be outlining a methodology that can be used to break down large web applications, such as Content Management Systems (CMSs) into manageable components that can be systematically analyzed for vulnerabilities or logic errors....

2024-01-01 · 6 min · Ally Petitt

Stealthy Exploit Opens Door for Pre-Compilation Code Execution

Introduction Linux users often take pride in their ability to compile their own code. In spite of this, a subtle yet critical attack vector has existed for over 20 years with high potential impact when exploited. Cleverly disguised within the configure.ac file, this attack vector allows malicious actors to execute code on your system before the compilation process even begins. While the absence of known exploits may lull users into a false sense of security, it is precisely this lack of awareness that makes this attack vector dangerous, increasing the chances of successful and large-scale exploitation....

2023-12-02 · 6 min · Ally Petitt

How I Found an Authentication Bypass Vulnerability — CVE-2023-43154

Introduction Discovering a CVE was always an idea that enticed me, but I had no idea how to achieve it. Encountering the authentication bypass that I will explain in this article was both unexpected and deeply inspiring. In my preparation for the OSWE, I decided to practice identifying the exam vulnerabilities in real, open-source applications, which would both give me practice for the exam and enable me to contribute to the security community....

2023-09-29 · 8 min · Ally Petitt

How to safely convert to LVM without losing your data

Introduction This article is a walkthrough that demonstrates the solution to a particular situation that computer owners may encounter when updating their system. For readers who do not fit into the scenario listed below, this is also a great article for familiarizing yourself with the practical application of logical volume manager (LVM). Otherwise, feel free to modify your approach as works best with your scenario. Scenario: You have a hard drive with all your files on it that uses physical partitions....

2023-08-19 · 4 min · Ally Petitt

Beyond the Screen: The Hidden World of Firmware Security

Introduction Firmware is a critical component of electronic devices. It is the program that is installed on embedded systems that defines their functionality. Firmware is responsible for initializing the hardware components as the computer boots up, enabling the device to function properly. Attacks against firmware have been of increasing interest to hackers due to their relative ease of exploitation in a world of increasingly secure application- and network-layer security practices....

2023-08-05 · 12 min · Ally Petitt

Reverse Engineering — Analyzing Headers

objdump is a command line tool that can be used to gain insight into an executable binary. In this article, the tool will be used to dump all of the headers of the ELF binary heapedit with the command below. Then, we will analyze and explain each section of output from the top to the bottom. objdump -x ./heapedit Executable and Linkable Format (ELF) files are a common file format for object files, executable binaries, core dumps, and shared libraries....

2023-07-13 · 11 min · Ally Petitt

5 Ways I Bypassed Your Web Application Firewall (WAF)

Introduction This article will explain the tools and techniques used by web application penetration testers and security researchers to successfully bypass web application firewall (WAF) protections. WAFs are a cybersecurity solution to filter and block malicious web traffic. Common vendors include CloudFlare, AWS, Citrix, Akamai, Radware, Microsoft Azure, and Barracuda. Depending on the combination of mechanisms used by the firewall, the bypassing methods may differ. For instance, WAFs may use regex to detect malicious traffic....

2023-06-01 · 7 min · Ally Petitt

5 Ways I Found Your Deleted Files

Computer Forensics for File Recovery Introduction When a file is “deleted”, its contents aren’t typically erased from the storage device that it was stored on. More often than not, the blocks that stored the file are marked as unallocated and the filesystem pointers are removed from it. The implication is that the file still exists on the disk until it is overwritten. There are many methods to recovering the raw, unallocated data....

2023-05-13 · 9 min · Ally Petitt

How to Encrypt a Drive in Linux

Introduction Hey everyone, this is a pretty quick article on LUKS drive encryption on Linux with the cryptsetup library. By following the steps outlined here, you will be able to encrypt a drive, decrypt it, and mount it. This was done in a Kali Linux VM and commands may vary for other distributions. Disclaimer: This is not an area that I have much experience in so if details are inaccurate, I apologize in advance....

2023-05-05 · 5 min · Ally Petitt

Snort IPS Quickstart

Introduction Snort is an open source Intrusion Prevention System (IPS) that detects malicious network traffic by comparing the network packets to a set of rules, often created by Snort and the community. Snort can be used as a packet sniffer, packet logger, and intrusion prevention system. In this article, I’ll go over some of the first steps of installing, configuring, and running Snort so that new users have a place to branch off of....

2023-05-02 · 5 min · Ally Petitt